CVE-2008-4307

2009-01-13T00:00:00

Description

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	08.04	linux	2.6.24-23.52
ubuntu	upstream	linux	2.6.26~rc1
ubuntu	upstream	linux-source-2.6.15	2.6.26~rc1
ubuntu	07.10	linux-source-2.6.22	2.6.22-16.62
ubuntu	upstream	linux-source-2.6.22	2.6.26~rc1

{"id": "UB:CVE-2008-4307", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2008-4307", "description": "Race condition in the do_setlk function in fs/nfs/file.c in the Linux\nkernel before 2.6.26 allows local users to cause a denial of service\n(crash) via vectors resulting in an interrupted RPC call that leads to a\nstray FL_POSIX lock, related to improper handling of a race between fcntl\nand close in the EINTR case.", "published": "2009-01-13T00:00:00", "modified": "2009-01-13T00:00:00", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 1.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2008-4307", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307", "https://bugzilla.redhat.com/show_bug.cgi?id=456282", "https://ubuntu.com/security/notices/USN-751-1", "https://ubuntu.com/security/notices/USN-752-1", "https://nvd.nist.gov/vuln/detail/CVE-2008-4307", "https://launchpad.net/bugs/cve/CVE-2008-4307", "https://security-tracker.debian.org/tracker/CVE-2008-4307"], "cvelist": ["CVE-2008-4307"], "immutableFields": [], "lastseen": "2023-02-15T16:36:21", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:0459", "CESA-2009:0473"]}, {"type": "cve", "idList": ["CVE-2008-4307"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1787-1:1654D", "DEBIAN:DSA-1794-1:CF19C"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-0459.NASL", "CENTOS_RHSA-2009-0473.NASL", "DEBIAN_DSA-1787.NASL", "DEBIAN_DSA-1794.NASL", "ORACLELINUX_ELSA-2009-0459.NASL", "ORACLELINUX_ELSA-2009-0473.NASL", "ORACLEVM_OVMSA-2009-0009.NASL", "REDHAT-RHSA-2009-0459.NASL", "REDHAT-RHSA-2009-0473.NASL", "SL_20090430_KERNEL_ON_SL4_X.NASL", "SL_20090507_KERNEL_ON_SL5_X.NASL", "UBUNTU_USN-751-1.NASL", "UBUNTU_USN-752-1.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122489", "OPENVAS:136141256231063908", "OPENVAS:136141256231063911", "OPENVAS:136141256231063939", "OPENVAS:136141256231063946", "OPENVAS:136141256231063947", "OPENVAS:136141256231063959", "OPENVAS:136141256231063970", "OPENVAS:1361412562310880841", "OPENVAS:1361412562310880941", "OPENVAS:63811", "OPENVAS:63812", "OPENVAS:63908", "OPENVAS:63911", "OPENVAS:63939", "OPENVAS:63946", "OPENVAS:63947", "OPENVAS:63959", "OPENVAS:63970", "OPENVAS:880841", "OPENVAS:880941"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0459", "ELSA-2009-0473", "ELSA-2009-1024"]}, {"type": "osv", "idList": ["OSV:DSA-1787-1", "OSV:DSA-1794-1"]}, {"type": "redhat", "idList": ["RHSA-2009:0451", "RHSA-2009:0459", "RHSA-2009:0473"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21767"]}, {"type": "seebug", "idList": ["SSV:4661"]}, {"type": "ubuntu", "idList": ["USN-751-1", "USN-752-1"]}, {"type": "veracode", "idList": ["VERACODE:23610"]}, {"type": "vmware", "idList": ["VMSA-2009-0016", "VMSA-2009-0016.6"]}]}, "score": {"value": 3.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:0459", "CESA-2009:0473"]}, {"type": "cve", "idList": ["CVE-2008-4307"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1787-1:1654D"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2009-0451/"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1794.NASL", "ORACLEVM_OVMSA-2009-0009.NASL", "UBUNTU_USN-752-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880941"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0459"]}, {"type": "redhat", "idList": ["RHSA-2009:0451"]}, {"type": "seebug", "idList": ["SSV:4661"]}, {"type": "ubuntu", "idList": ["USN-751-1"]}, {"type": "vmware", "idList": ["VMSA-2009-0016"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2008-4307", "epss": "0.000440000", "percentile": "0.081930000", "modified": "2023-03-17"}], "vulnersScore": 3.5}, "_state": {"dependencies": 1676479190, "score": 1676479224, "epss": 1679098904}, "_internal": {"score_hash": "8e20928606f1bd8f8b64239c14130c30"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "08.04", "arch": "noarch", "packageVersion": "2.6.24-23.52", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "2.6.26~rc1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "2.6.26~rc1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-source-2.6.15"}, {"OS": "ubuntu", "OSVersion": "07.10", "arch": "noarch", "packageVersion": "2.6.22-16.62", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-source-2.6.22"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "2.6.26~rc1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-source-2.6.22"}], "bugs": []}

{"seebug": [{"lastseen": "2017-11-19T19:01:55", "description": "BUGTRAQ ID: 33237\r\nCVE(CAN) ID: CVE-2008-4307\r\n\r\nLinux Kernel\u662f\u5f00\u653e\u6e90\u7801\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nRHEL4/5\u5185\u6838\u5904\u7406POSIX\u9501\u5b9a\u65f6fcntl\u8c03\u7528\u53ef\u80fd\u4e0e\u5173\u95ed\u76f8\u540c\u6587\u4ef6\u63cf\u8ff0\u7b26\u51fa\u73b0\u7ade\u4e89\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u83b7\u5f97\u6743\u9650\u63d0\u5347\u3002\r\n\r\nfcntl\u4ee5\u5982\u4e0b\u65b9\u5f0f\u83b7\u5f97POSIX\u9501\u5b9a\uff1a\r\n\r\nsys_fcntl()\r\n fget()\r\n do_fcntl()\r\n fcntl_setlk()\r\n fput()\r\n if(!count) __fput()\r\n locks_remove_flock()\r\n\r\nfcntl_setlk()\u8c03\u7528\u53ef\u80fd\u963b\u585e\u5f88\u957f\u65f6\u95f4\uff0c\u5141\u8bb8\u540c\u4e00\u8fdb\u7a0b\u4e2d\u7684\u5176\u4ed6\u7ebf\u7a0b\u5173\u95ed\u6587\u4ef6\u63cf\u8ff0\u7b26\uff1a\r\n\r\nsys_close()\r\n filp_close()\r\n locks_remove_posix()\r\n fput()\r\n if(!count) __fput()\r\n locks_remove_flock()\r\n\r\n\u5982\u679c\u5176\u4e2d\u4e00\u4e2a\u7ebf\u7a0b\u4ecd\u5728fcntl_setlk\u4e2d\u963b\u65ad\u671f\u95f4\u4f46\u5728\u8bb8\u53ef\u9501\u5b9a\u4e4b\u524d\uff08\u5728\u5c06file_lock\u7ed3\u6784\u653e\u7f6e\u5230inode\u7684i_lock\u5217\u8868\u4e4b\u524d\uff09\u4ece\u53e6\u4e00\u4e2a\u7ebf\u7a0b\u5173\u95ed\u4e86\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5173\u95ed\u8def\u5f84\u4e2d\u7684locks_remove_posix\u8c03\u7528\u5c31\u4f1a\u9519\u8fc7POSIX\u9501\u5b9a\u3002\u6b64\u65f6\u8fd8\u65e0\u6cd5\u8c03\u7528locks_remove_flock\uff0c\u56e0\u4e3afcntl_setlk\u4e2d\u7ebf\u7a0b\u4ecd\u6301\u6709\u5bf9\u6587\u4ef6\u7684\u5f15\u7528\u3002\r\n\r\n\u5f53__fput\u8c03\u7528locks_remove_flock\u65f6\uff0csys_fcntl\u8fd4\u56de\u8def\u5f84\u7684\u6700\u7ec8fput\u53ef\u4ee5\u89e6\u53d1\u6f0f\u6d1e\uff1a\r\n\r\n/*\r\n* This function is called on the last close of an open file.\r\n*/\r\nvoid locks_remove_flock(struct file *filp)\r\n{\r\n[...]\r\n while ((fl = *before) != NULL) {\r\n if (fl->fl_file == filp) {\r\n if (IS_FLOCK(fl)) {\r\n locks_delete_lock(before);\r\n continue;\r\n }\r\n if (IS_LEASE(fl)) {\r\n lease_modify(before, F_UNLCK);\r\n continue;\r\n }\r\n if (IS_POSIX(fl))\r\n continue;\r\n /* What? */\r\n BUG(); <----\r\n }\r\n before = &fl->fl_next;\r\n }\r\n unlock_kernel();\r\n}\r\n\n\nLinux kernel 2.6.x\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/old/patch-2.6.25-git6.log target=_blank rel=external nofollow>http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/old/patch-2.6.25-git6.log</a>", "published": "2009-01-15T00:00:00", "type": "seebug", "title": "Linux Kernel locks_remove_flock()\u672c\u5730\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4307"], "modified": "2009-01-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4661", "id": "SSV:4661", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "veracode": [{"lastseen": "2022-07-27T10:52:33", "description": "kernel is vulnerable to denial of service. A logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned.\n", "cvss3": {}, "published": "2020-04-10T00:31:48", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307"], "modified": "2022-04-19T18:27:42", "id": "VERACODE:23610", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23610/summary", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-02-13T06:40:03", "description": "Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.", "cvss3": {}, "published": "2009-01-13T17:00:00", "type": "cve", "title": "CVE-2008-4307", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307"], "modified": "2023-02-13T02:19:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.20.17", "cpe:/o:linux:linux_kernel:2.6.24_rc4", "cpe:/o:linux:linux_kernel:2.6.25", "cpe:/o:linux:linux_kernel:2.4.36.2", "cpe:/o:linux:linux_kernel:2.6.23.10", "cpe:/o:linux:linux_kernel:2.6.24.5", "cpe:/o:linux:linux_kernel:2.6.23_rc1", "cpe:/o:linux:linux_kernel:2.6.25.4", "cpe:/o:linux:linux_kernel:2.6.23.16", "cpe:/o:linux:linux_kernel:2.6.25.2", "cpe:/o:linux:linux_kernel:2.6.25.6", "cpe:/o:linux:linux_kernel:2.6.20.16", "cpe:/o:linux:linux_kernel:2.6.25.3", "cpe:/o:linux:linux_kernel:2.6.24.2", "cpe:/o:linux:linux_kernel:2.6.22.18", "cpe:/o:linux:linux_kernel:2.6.19.5", "cpe:/o:linux:linux_kernel:2.6.22.14", "cpe:/o:linux:linux_kernel:2.6.25.9", "cpe:/o:linux:linux_kernel:2.4.36.3", "cpe:/o:linux:linux_kernel:2.6.22.10", "cpe:/o:linux:linux_kernel:2.4.36", "cpe:/o:linux:linux_kernel:2.6.24.4", "cpe:/o:linux:linux_kernel:2.6.22.19", "cpe:/o:linux:linux_kernel:2.6.22_rc7", "cpe:/o:linux:linux_kernel:2.6.25.14", "cpe:/o:linux:linux_kernel:2.6.24.3", "cpe:/o:linux:linux_kernel:2.6.21.5", "cpe:/o:linux:linux_kernel:2.6.25.8", "cpe:/o:linux:linux_kernel:2.6.23.17", "cpe:/o:linux:linux_kernel:2.6.22.12", "cpe:/o:linux:linux_kernel:2.6.22.8", "cpe:/o:linux:linux_kernel:2.6.19.4", "cpe:/o:linux:linux_kernel:2.6.22.1", "cpe:/o:linux:linux_kernel:2.6.21.6", "cpe:/o:linux:linux_kernel:2.6.22.21", "cpe:/o:linux:linux_kernel:2.6.20.19", "cpe:/o:linux:linux_kernel:2.6.22.15", "cpe:/o:linux:linux_kernel:2.6", "cpe:/o:linux:linux_kernel:2.6.20.18", "cpe:/o:linux:linux_kernel:2.4.36.5", "cpe:/o:linux:linux_kernel:2.6.21.7", "cpe:/o:linux:linux_kernel:2.6.25.10", "cpe:/o:linux:linux_kernel:2.4.36.1", "cpe:/o:linux:linux_kernel:2.4.36.4", "cpe:/o:linux:linux_kernel:2.6.22.22", "cpe:/o:linux:linux_kernel:2.2.27", "cpe:/o:linux:linux_kernel:2.6.24_rc5", "cpe:/o:linux:linux_kernel:2.6.22.9", "cpe:/o:linux:linux_kernel:2.6.25.12", "cpe:/o:linux:linux_kernel:2.6.24.1", "cpe:/o:linux:linux_kernel:2.6.20.20", "cpe:/o:linux:linux_kernel:2.6.18", "cpe:/o:linux:linux_kernel:2.6.25.13", "cpe:/o:linux:linux_kernel:2.6.22", "cpe:/o:linux:linux_kernel:2.6.22.2", "cpe:/o:linux:linux_kernel:2.6.23.11", "cpe:/o:linux:linux_kernel:2.4.36.6", "cpe:/o:linux:linux_kernel:2.6.19.6", "cpe:/o:linux:linux_kernel:2.6.25.11", "cpe:/o:linux:linux_kernel:2.6.23.8", "cpe:/o:linux:linux_kernel:2.6.24.7", "cpe:/o:linux:linux_kernel:2.6.23.12", "cpe:/o:linux:linux_kernel:2.6.24_rc1", "cpe:/o:linux:linux_kernel:2.6.22.13", "cpe:/o:linux:linux_kernel:2.6.25.16", "cpe:/o:linux:linux_kernel:2.6.23.15", "cpe:/o:linux:linux_kernel:2.6.25.7", "cpe:/o:linux:linux_kernel:2.6.22.11", "cpe:/o:linux:linux_kernel:2.6.23.13", "cpe:/o:linux:linux_kernel:2.6.22.20", "cpe:/o:linux:linux_kernel:2.6.23", "cpe:/o:linux:linux_kernel:2.6.25.15", "cpe:/o:linux:linux_kernel:2.6.25.1", "cpe:/o:linux:linux_kernel:2.6.19.7", "cpe:/o:linux:linux_kernel:2.6.20.21", "cpe:/o:linux:linux_kernel:2.6.22.17", "cpe:/o:linux:linux_kernel:2.6.24", "cpe:/o:linux:linux_kernel:2.6.25.17", "cpe:/o:linux:linux_kernel:2.6.23.9", "cpe:/o:linux:linux_kernel:2.6.24.6", "cpe:/o:linux:linux_kernel:2.6.22_rc1", "cpe:/o:linux:linux_kernel:2.6.25.5"], "id": "CVE-2008-4307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4307", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24_rc4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22_rc7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24_rc1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23_rc1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24_rc5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22_rc1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25.13:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2023-01-01T04:50:58", "description": "**CentOS Errata and Security Advisory** CESA-2009:0459\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the \"syscall\" number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to user-space\nwhen the getsockopt() function is called with SO_BSDCOMPAT optname set.\nThis flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes:\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests\nif their guest configuration file specified \"vif = [ \"type=ioemu\" ]\". This\ncrash only occurred when starting guests via the \"xm create\" command.\n(BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux\n4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during\ninstallation and \"NMI received for unknown reason [xx]\" errors may have\noccurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a network\ninterface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium\u00ae architecture,\npossibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic\nLSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent\nto tape devices may have received incorrect data. This issue may have led\nto data corruption. This update includes a fix for all types of devices.\n(BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO subsystem\nbetween the read_events() and aio_complete() functions. This may have\ncaused a thread in read_events() to sleep indefinitely, possibly causing an\napplication hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code, modifications\nto some pages (for files on an NFS mounted file system) made through a\nregion of memory mapped by mmap() may be lost if the NFS client invalidates\nits page cache for particular files. (BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a system\ncrash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an\nillegal __GFP_FS allocation inside some transactions. This may have\nresulted in a kernel panic and \"Assertion failure\" errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause of\ncertain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5\nsystems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The system\nmust be rebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-May/065313.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-May/065314.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:0459", "cvss3": {}, "published": "2009-05-01T10:39:17", "type": "centos", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2009-05-01T10:39:18", "id": "CESA-2009:0459", "href": "https://lists.centos.org/pipermail/centos-announce/2009-May/065314.html", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-01T04:51:00", "description": "**CentOS Errata and Security Advisory** CESA-2009:0473\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the \"syscall\" number or arguments.\n(CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of\nthe Linux kernel eCryptfs implementation. On systems with a 4096 byte\npage-size, this flaw may have caused 4096 bytes of uninitialized kernel\nmemory to be written into the eCryptfs file headers, leading to an\ninformation leak. Note: Encrypted files created on systems running the\nvulnerable version of eCryptfs may contain leaked data in the eCryptfs file\nheaders. This update does not remove any leaked data. Refer to the\nKnowledgebase article in the References section for further information.\n(CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not\nproperly initialize the file name limit in the nfs_server data structure.\nThis flaw could possibly lead to a denial of service on a client mounting\nan NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs:\n\n* the enic driver (Cisco 10G Ethernet) did not operate under\nvirtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could not be\nsuccessfully configured under low-memory conditions. (BZ#487035)\n\n* bonding with the \"arp_validate=3\" option may have prevented fail overs.\n(BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote \"Domain\nattempted WRMSR\" errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount. (BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and packets.\n(BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the\nWacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which used it,\nsuch as sleep and usleep, to sleep for one second more than expected.\n(BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on 64-bit\nPowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r)\nmicroarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines after\na certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in\nfrequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set to\nless than the actual number of CPUs in the system, and the cpuspeed service\nwas started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network eventually\nresulted in a CPU soft lockup and a system crash. (BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop\n(under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-May/065319.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-May/065320.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:0473", "cvss3": {}, "published": "2009-05-07T18:35:31", "type": "centos", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2009-05-07T18:35:31", "id": "CESA-2009:0473", "href": "https://lists.centos.org/pipermail/centos-announce/2009-May/065319.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2023-01-11T14:28:06", "description": "Security fixes :\n\n - a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n - a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments.\n (CVE-2009-0834, Important)\n\n - Chris Evans reported a deficiency in the Linux kernel signals implementation. The clone() system call permits the caller to indicate the signal it wants to receive when its child exits. When clone() is called with the CLONE_PARENT flag, it permits the caller to clone a new child that shares the same parent as itself, enabling the indicated signal to be sent to the caller's parent (instead of the caller), even if the caller's parent has different real and effective user IDs. This could lead to a denial of service of the parent. (CVE-2009-0028, Moderate)\n\n - the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n (CVE-2009-0676, Moderate)\n\nBug fixes :\n\n - a kernel crash may have occurred for Scientific Linux 4.7 guests if their guest configuration file specified 'vif = [ 'type=ioemu' ]'. This crash only occurred when starting guests via the 'xm create' command. (BZ#477146)\n\n - a bug in IO-APIC NMI watchdog may have prevented Scientific Linux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during installation and 'NMI received for unknown reason [xx]' errors may have occurred. (BZ#479184)\n\n - a kernel deadlock on some systems when using netdump through a network interface that uses the igb driver.\n (BZ#480579)\n\n - a possible kernel hang in sys_ptrace() on the Itanium® architecture, possibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n - the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent to tape devices may have received incorrect data. This issue may have led to data corruption. This update includes a fix for all types of devices. (BZ#487399)\n\n - a missing memory barrier caused a race condition in the AIO subsystem between the read_events() and aio_complete() functions. This may have caused a thread in read_events() to sleep indefinitely, possibly causing an application hang. (BZ#489935)\n\n - due to a lack of synchronization in the NFS client code, modifications to some pages (for files on an NFS mounted file system) made through a region of memory mapped by mmap() may be lost if the NFS client invalidates its page cache for particular files. (BZ#490119)\n\n - a NULL pointer dereference in the megaraid_mbox driver caused a system crash on some systems. (BZ#493420)\n\n - the ext3_symlink() function in the ext3 file system code used an illegal __GFP_FS allocation inside some transactions. This may have resulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n - do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#494915)\n\n - a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5 systems. (BZ#497330)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090430_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60577);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes :\n\n - a logic error was found in the do_setlk() function of\n the Linux kernel Network File System (NFS)\n implementation. If a signal interrupted a lock request,\n the local POSIX lock was incorrectly created. This could\n cause a denial of service on the NFS server if a file\n descriptor was closed before its corresponding lock\n request returned. (CVE-2008-4307, Important)\n\n - a deficiency was found in the Linux kernel system call\n auditing implementation on 64-bit systems. This could\n allow a local, unprivileged user to circumvent a system\n call audit configuration, if that configuration filtered\n based on the 'syscall' number or arguments.\n (CVE-2009-0834, Important)\n\n - Chris Evans reported a deficiency in the Linux kernel\n signals implementation. The clone() system call permits\n the caller to indicate the signal it wants to receive\n when its child exits. When clone() is called with the\n CLONE_PARENT flag, it permits the caller to clone a new\n child that shares the same parent as itself, enabling\n the indicated signal to be sent to the caller's parent\n (instead of the caller), even if the caller's parent has\n different real and effective user IDs. This could lead\n to a denial of service of the parent. (CVE-2009-0028,\n Moderate)\n\n - the sock_getsockopt() function in the Linux kernel did\n not properly initialize a data structure that can be\n directly returned to user-space when the getsockopt()\n function is called with SO_BSDCOMPAT optname set. This\n flaw could possibly lead to memory disclosure.\n (CVE-2009-0676, Moderate)\n\nBug fixes :\n\n - a kernel crash may have occurred for Scientific Linux\n 4.7 guests if their guest configuration file specified\n 'vif = [ 'type=ioemu' ]'. This crash only occurred when\n starting guests via the 'xm create' command. (BZ#477146)\n\n - a bug in IO-APIC NMI watchdog may have prevented\n Scientific Linux 4.7 from being installed on HP ProLiant\n DL580 G5 systems. Hangs during installation and 'NMI\n received for unknown reason [xx]' errors may have\n occurred. (BZ#479184)\n\n - a kernel deadlock on some systems when using netdump\n through a network interface that uses the igb driver.\n (BZ#480579)\n\n - a possible kernel hang in sys_ptrace() on the\n Itanium® architecture, possibly triggered by tracing\n a threaded process with strace. (BZ#484904)\n\n - the RHSA-2008:0665 errata only fixed the known problem\n with the LSI Logic LSI53C1030 Ultra320 SCSI controller,\n for tape devices. Read commands sent to tape devices may\n have received incorrect data. This issue may have led to\n data corruption. This update includes a fix for all\n types of devices. (BZ#487399)\n\n - a missing memory barrier caused a race condition in the\n AIO subsystem between the read_events() and\n aio_complete() functions. This may have caused a thread\n in read_events() to sleep indefinitely, possibly causing\n an application hang. (BZ#489935)\n\n - due to a lack of synchronization in the NFS client code,\n modifications to some pages (for files on an NFS mounted\n file system) made through a region of memory mapped by\n mmap() may be lost if the NFS client invalidates its\n page cache for particular files. (BZ#490119)\n\n - a NULL pointer dereference in the megaraid_mbox driver\n caused a system crash on some systems. (BZ#493420)\n\n - the ext3_symlink() function in the ext3 file system code\n used an illegal __GFP_FS allocation inside some\n transactions. This may have resulted in a kernel panic\n and 'Assertion failure' errors. (BZ#493422)\n\n - do_machine_check() cleared all Machine Check Exception\n (MCE) status registers, preventing the BIOS from using\n them to determine the cause of certain panics and\n errors. (BZ#494915)\n\n - a bug prevented NMI watchdog from initializing on HP\n ProLiant DL580 G5 systems. (BZ#497330)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=477146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=487399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=493420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=493422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=494915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497330\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=319\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93c098ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_cwe_id(264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:01:54", "description": "Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals implementation. The clone() system call permits the caller to indicate the signal it wants to receive when its child exits. When clone() is called with the CLONE_PARENT flag, it permits the caller to clone a new child that shares the same parent as itself, enabling the indicated signal to be sent to the caller's parent (instead of the caller), even if the caller's parent has different real and effective user IDs. This could lead to a denial of service of the parent.\n(CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes :\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests if their guest configuration file specified 'vif = [ 'type=ioemu' ]'. This crash only occurred when starting guests via the 'xm create' command. (BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during installation and 'NMI received for unknown reason [xx]' errors may have occurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a network interface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium(r) architecture, possibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent to tape devices may have received incorrect data. This issue may have led to data corruption. This update includes a fix for all types of devices. (BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO subsystem between the read_events() and aio_complete() functions. This may have caused a thread in read_events() to sleep indefinitely, possibly causing an application hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code, modifications to some pages (for files on an NFS mounted file system) made through a region of memory mapped by mmap() may be lost if the NFS client invalidates its page cache for particular files.\n(BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a system crash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an illegal __GFP_FS allocation inside some transactions. This may have resulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5 systems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-05-26T00:00:00", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2009:0459)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-devel", "p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-xenU", "p-cpe:/a:centos:centos:kernel-xenU-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2009-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/38902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0459 and \n# CentOS Errata and Security Advisory 2009:0459 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38902);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_bugtraq_id(33846, 33951);\n script_xref(name:\"RHSA\", value:\"2009:0459\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2009:0459)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and various\nbugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* a logic error was found in the do_setlk() function of the Linux\nkernel Network File System (NFS) implementation. If a signal\ninterrupted a lock request, the local POSIX lock was incorrectly\ncreated. This could cause a denial of service on the NFS server if a\nfile descriptor was closed before its corresponding lock request\nreturned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local,\nunprivileged user to circumvent a system call audit configuration, if\nthat configuration filtered based on the 'syscall' number or\narguments. (CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate\nthe signal it wants to receive when its child exits. When clone() is\ncalled with the CLONE_PARENT flag, it permits the caller to clone a\nnew child that shares the same parent as itself, enabling the\nindicated signal to be sent to the caller's parent (instead of the\ncaller), even if the caller's parent has different real and effective\nuser IDs. This could lead to a denial of service of the parent.\n(CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to\nuser-space when the getsockopt() function is called with SO_BSDCOMPAT\noptname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes :\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7\nguests if their guest configuration file specified 'vif = [\n'type=ioemu' ]'. This crash only occurred when starting guests via the\n'xm create' command. (BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise\nLinux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs\nduring installation and 'NMI received for unknown reason [xx]' errors\nmay have occurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a\nnetwork interface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium(r)\narchitecture, possibly triggered by tracing a threaded process with\nstrace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI\nLogic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read\ncommands sent to tape devices may have received incorrect data. This\nissue may have led to data corruption. This update includes a fix for\nall types of devices. (BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO\nsubsystem between the read_events() and aio_complete() functions. This\nmay have caused a thread in read_events() to sleep indefinitely,\npossibly causing an application hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code,\nmodifications to some pages (for files on an NFS mounted file system)\nmade through a region of memory mapped by mmap() may be lost if the\nNFS client invalidates its page cache for particular files.\n(BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a\nsystem crash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an\nillegal __GFP_FS allocation inside some transactions. This may have\nresulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause\nof certain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580\nG5 systems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The\nsystem must be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?065c1c0d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015839.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b07d768\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:56:21", "description": "From Red Hat Security Advisory 2009:0459 :\n\nUpdated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals implementation. The clone() system call permits the caller to indicate the signal it wants to receive when its child exits. When clone() is called with the CLONE_PARENT flag, it permits the caller to clone a new child that shares the same parent as itself, enabling the indicated signal to be sent to the caller's parent (instead of the caller), even if the caller's parent has different real and effective user IDs. This could lead to a denial of service of the parent.\n(CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes :\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests if their guest configuration file specified 'vif = [ 'type=ioemu' ]'. This crash only occurred when starting guests via the 'xm create' command. (BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during installation and 'NMI received for unknown reason [xx]' errors may have occurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a network interface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium(r) architecture, possibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent to tape devices may have received incorrect data. This issue may have led to data corruption. This update includes a fix for all types of devices. (BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO subsystem between the read_events() and aio_complete() functions. This may have caused a thread in read_events() to sleep indefinitely, possibly causing an application hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code, modifications to some pages (for files on an NFS mounted file system) made through a region of memory mapped by mmap() may be lost if the NFS client invalidates its page cache for particular files.\n(BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a system crash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an illegal __GFP_FS allocation inside some transactions. This may have resulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5 systems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2009-0459)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-largesmp-devel", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-xenU", "p-cpe:/a:oracle:linux:kernel-xenU-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2009-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/67853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0459 and \n# Oracle Linux Security Advisory ELSA-2009-0459 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67853);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_bugtraq_id(33846, 33951);\n script_xref(name:\"RHSA\", value:\"2009:0459\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2009-0459)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0459 :\n\nUpdated kernel packages that fix several security issues and various\nbugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* a logic error was found in the do_setlk() function of the Linux\nkernel Network File System (NFS) implementation. If a signal\ninterrupted a lock request, the local POSIX lock was incorrectly\ncreated. This could cause a denial of service on the NFS server if a\nfile descriptor was closed before its corresponding lock request\nreturned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local,\nunprivileged user to circumvent a system call audit configuration, if\nthat configuration filtered based on the 'syscall' number or\narguments. (CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate\nthe signal it wants to receive when its child exits. When clone() is\ncalled with the CLONE_PARENT flag, it permits the caller to clone a\nnew child that shares the same parent as itself, enabling the\nindicated signal to be sent to the caller's parent (instead of the\ncaller), even if the caller's parent has different real and effective\nuser IDs. This could lead to a denial of service of the parent.\n(CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to\nuser-space when the getsockopt() function is called with SO_BSDCOMPAT\noptname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes :\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7\nguests if their guest configuration file specified 'vif = [\n'type=ioemu' ]'. This crash only occurred when starting guests via the\n'xm create' command. (BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise\nLinux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs\nduring installation and 'NMI received for unknown reason [xx]' errors\nmay have occurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a\nnetwork interface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium(r)\narchitecture, possibly triggered by tracing a threaded process with\nstrace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI\nLogic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read\ncommands sent to tape devices may have received incorrect data. This\nissue may have led to data corruption. This update includes a fix for\nall types of devices. (BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO\nsubsystem between the read_events() and aio_complete() functions. This\nmay have caused a thread in read_events() to sleep indefinitely,\npossibly causing an application hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code,\nmodifications to some pages (for files on an NFS mounted file system)\nmade through a region of memory mapped by mmap() may be lost if the\nNFS client invalidates its page cache for particular files.\n(BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a\nsystem crash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an\nillegal __GFP_FS allocation inside some transactions. This may have\nresulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause\nof certain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580\nG5 systems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The\nsystem must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/000993.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-0459\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:59:20", "description": "Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals implementation. The clone() system call permits the caller to indicate the signal it wants to receive when its child exits. When clone() is called with the CLONE_PARENT flag, it permits the caller to clone a new child that shares the same parent as itself, enabling the indicated signal to be sent to the caller's parent (instead of the caller), even if the caller's parent has different real and effective user IDs. This could lead to a denial of service of the parent.\n(CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes :\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests if their guest configuration file specified 'vif = [ 'type=ioemu' ]'. This crash only occurred when starting guests via the 'xm create' command. (BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during installation and 'NMI received for unknown reason [xx]' errors may have occurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a network interface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium(r) architecture, possibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent to tape devices may have received incorrect data. This issue may have led to data corruption. This update includes a fix for all types of devices. (BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO subsystem between the read_events() and aio_complete() functions. This may have caused a thread in read_events() to sleep indefinitely, possibly causing an application hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code, modifications to some pages (for files on an NFS mounted file system) made through a region of memory mapped by mmap() may be lost if the NFS client invalidates its page cache for particular files.\n(BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a system crash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an illegal __GFP_FS allocation inside some transactions. This may have resulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5 systems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-05-01T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2009:0459)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenU", "p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2009-0459.NASL", "href": "https://www.tenable.com/plugins/nessus/38661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0459. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38661);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_bugtraq_id(33846, 33951);\n script_xref(name:\"RHSA\", value:\"2009:0459\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2009:0459)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and various\nbugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* a logic error was found in the do_setlk() function of the Linux\nkernel Network File System (NFS) implementation. If a signal\ninterrupted a lock request, the local POSIX lock was incorrectly\ncreated. This could cause a denial of service on the NFS server if a\nfile descriptor was closed before its corresponding lock request\nreturned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local,\nunprivileged user to circumvent a system call audit configuration, if\nthat configuration filtered based on the 'syscall' number or\narguments. (CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate\nthe signal it wants to receive when its child exits. When clone() is\ncalled with the CLONE_PARENT flag, it permits the caller to clone a\nnew child that shares the same parent as itself, enabling the\nindicated signal to be sent to the caller's parent (instead of the\ncaller), even if the caller's parent has different real and effective\nuser IDs. This could lead to a denial of service of the parent.\n(CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to\nuser-space when the getsockopt() function is called with SO_BSDCOMPAT\noptname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes :\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7\nguests if their guest configuration file specified 'vif = [\n'type=ioemu' ]'. This crash only occurred when starting guests via the\n'xm create' command. (BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise\nLinux 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs\nduring installation and 'NMI received for unknown reason [xx]' errors\nmay have occurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a\nnetwork interface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium(r)\narchitecture, possibly triggered by tracing a threaded process with\nstrace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI\nLogic LSI53C1030 Ultra320 SCSI controller, for tape devices. Read\ncommands sent to tape devices may have received incorrect data. This\nissue may have led to data corruption. This update includes a fix for\nall types of devices. (BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO\nsubsystem between the read_events() and aio_complete() functions. This\nmay have caused a thread in read_events() to sleep indefinitely,\npossibly causing an application hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code,\nmodifications to some pages (for files on an NFS mounted file system)\nmade through a region of memory mapped by mmap() may be lost if the\nNFS client invalidates its page cache for particular files.\n(BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a\nsystem crash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an\nillegal __GFP_FS allocation inside some transactions. This may have\nresulted in a kernel panic and 'Assertion failure' errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause\nof certain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580\nG5 systems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The\nsystem must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0459\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:0459\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0459\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.22.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:01:34", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers. This update does not remove any leaked data. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n* the enic driver (Cisco 10G Ethernet) did not operate under virtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could not be successfully configured under low-memory conditions.\n(BZ#487035)\n\n* bonding with the 'arp_validate=3' option may have prevented fail overs. (BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote 'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount.\n(BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and packets. (BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the Wacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which used it, such as sleep and usleep, to sleep for one second more than expected. (BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on 64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r) microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines after a certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in frequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set to less than the actual number of CPUs in the system, and the cpuspeed service was started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network eventually resulted in a CPU soft lockup and a system crash.\n(BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop (under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-05-08T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:0473)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/38709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0473. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38709);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_bugtraq_id(33951, 34405);\n script_xref(name:\"RHSA\", value:\"2009:0473\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:0473)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a logic error was found in the do_setlk() function of the Linux\nkernel Network File System (NFS) implementation. If a signal\ninterrupted a lock request, the local POSIX lock was incorrectly\ncreated. This could cause a denial of service on the NFS server if a\nfile descriptor was closed before its corresponding lock request\nreturned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local,\nunprivileged user to circumvent a system call audit configuration, if\nthat configuration filtered based on the 'syscall' number or\narguments. (CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly\nreset the exit signal if a process executed a set user ID (setuid)\napplication before exiting. This could allow a local, unprivileged\nuser to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents()\nfunction of the Linux kernel eCryptfs implementation. On systems with\na 4096 byte page-size, this flaw may have caused 4096 bytes of\nuninitialized kernel memory to be written into the eCryptfs file\nheaders, leading to an information leak. Note: Encrypted files created\non systems running the vulnerable version of eCryptfs may contain\nleaked data in the eCryptfs file headers. This update does not remove\nany leaked data. Refer to the Knowledgebase article in the References\nsection for further information. (CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did\nnot properly initialize the file name limit in the nfs_server data\nstructure. This flaw could possibly lead to a denial of service on a\nclient mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n* the enic driver (Cisco 10G Ethernet) did not operate under\nvirtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could\nnot be successfully configured under low-memory conditions.\n(BZ#487035)\n\n* bonding with the 'arp_validate=3' option may have prevented fail\novers. (BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote\n'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount.\n(BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and\npackets. (BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the\nWacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which\nused it, such as sleep and usleep, to sleep for one second more than\nexpected. (BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on\n64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r)\nmicroarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines\nafter a certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in\nfrequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set\nto less than the actual number of CPUs in the system, and the cpuspeed\nservice was started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network\neventually resulted in a CPU soft lockup and a system crash.\n(BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop\n(under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1337\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-16748\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/16734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0473\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 189, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:0473\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0473\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.1.10.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.1.10.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-11T14:59:32", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers. This update does not remove any leaked data. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n* the enic driver (Cisco 10G Ethernet) did not operate under virtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could not be successfully configured under low-memory conditions.\n(BZ#487035)\n\n* bonding with the 'arp_validate=3' option may have prevented fail overs. (BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote 'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount.\n(BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and packets. (BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the Wacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which used it, such as sleep and usleep, to sleep for one second more than expected. (BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on 64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r) microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines after a certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in frequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set to less than the actual number of CPUs in the system, and the cpuspeed service was started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network eventually resulted in a CPU soft lockup and a system crash.\n(BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop (under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2009:0473)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/43746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0473 and \n# CentOS Errata and Security Advisory 2009:0473 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43746);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_bugtraq_id(33951, 34405);\n script_xref(name:\"RHSA\", value:\"2009:0473\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2009:0473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a logic error was found in the do_setlk() function of the Linux\nkernel Network File System (NFS) implementation. If a signal\ninterrupted a lock request, the local POSIX lock was incorrectly\ncreated. This could cause a denial of service on the NFS server if a\nfile descriptor was closed before its corresponding lock request\nreturned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local,\nunprivileged user to circumvent a system call audit configuration, if\nthat configuration filtered based on the 'syscall' number or\narguments. (CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly\nreset the exit signal if a process executed a set user ID (setuid)\napplication before exiting. This could allow a local, unprivileged\nuser to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents()\nfunction of the Linux kernel eCryptfs implementation. On systems with\na 4096 byte page-size, this flaw may have caused 4096 bytes of\nuninitialized kernel memory to be written into the eCryptfs file\nheaders, leading to an information leak. Note: Encrypted files created\non systems running the vulnerable version of eCryptfs may contain\nleaked data in the eCryptfs file headers. This update does not remove\nany leaked data. Refer to the Knowledgebase article in the References\nsection for further information. (CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did\nnot properly initialize the file name limit in the nfs_server data\nstructure. This flaw could possibly lead to a denial of service on a\nclient mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n* the enic driver (Cisco 10G Ethernet) did not operate under\nvirtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could\nnot be successfully configured under low-memory conditions.\n(BZ#487035)\n\n* bonding with the 'arp_validate=3' option may have prevented fail\novers. (BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote\n'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount.\n(BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and\npackets. (BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the\nWacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which\nused it, such as sleep and usleep, to sleep for one second more than\nexpected. (BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on\n64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r)\nmicroarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines\nafter a certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in\nfrequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set\nto less than the actual number of CPUs in the system, and the cpuspeed\nservice was started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network\neventually resulted in a CPU soft lockup and a system crash.\n(BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop\n(under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e5071f8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b13f808\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 189, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-128.1.10.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-11T14:49:59", "description": "From Red Hat Security Advisory 2009:0473 :\n\nUpdated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers. This update does not remove any leaked data. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n* the enic driver (Cisco 10G Ethernet) did not operate under virtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could not be successfully configured under low-memory conditions.\n(BZ#487035)\n\n* bonding with the 'arp_validate=3' option may have prevented fail overs. (BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote 'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount.\n(BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and packets. (BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the Wacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which used it, such as sleep and usleep, to sleep for one second more than expected. (BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on 64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r) microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines after a certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in frequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set to less than the actual number of CPUs in the system, and the cpuspeed service was started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network eventually resulted in a CPU soft lockup and a system crash.\n(BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop (under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2009-0473)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/67854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0473 and \n# Oracle Linux Security Advisory ELSA-2009-0473 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67854);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_bugtraq_id(33951, 34405);\n script_xref(name:\"RHSA\", value:\"2009:0473\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2009-0473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0473 :\n\nUpdated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a logic error was found in the do_setlk() function of the Linux\nkernel Network File System (NFS) implementation. If a signal\ninterrupted a lock request, the local POSIX lock was incorrectly\ncreated. This could cause a denial of service on the NFS server if a\nfile descriptor was closed before its corresponding lock request\nreturned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local,\nunprivileged user to circumvent a system call audit configuration, if\nthat configuration filtered based on the 'syscall' number or\narguments. (CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly\nreset the exit signal if a process executed a set user ID (setuid)\napplication before exiting. This could allow a local, unprivileged\nuser to elevate their privileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents()\nfunction of the Linux kernel eCryptfs implementation. On systems with\na 4096 byte page-size, this flaw may have caused 4096 bytes of\nuninitialized kernel memory to be written into the eCryptfs file\nheaders, leading to an information leak. Note: Encrypted files created\non systems running the vulnerable version of eCryptfs may contain\nleaked data in the eCryptfs file headers. This update does not remove\nany leaked data. Refer to the Knowledgebase article in the References\nsection for further information. (CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did\nnot properly initialize the file name limit in the nfs_server data\nstructure. This flaw could possibly lead to a denial of service on a\nclient mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n* the enic driver (Cisco 10G Ethernet) did not operate under\nvirtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could\nnot be successfully configured under low-memory conditions.\n(BZ#487035)\n\n* bonding with the 'arp_validate=3' option may have prevented fail\novers. (BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote\n'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount.\n(BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and\npackets. (BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the\nWacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which\nused it, such as sleep and usleep, to sleep for one second more than\nexpected. (BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on\n64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r)\nmicroarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines\nafter a certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in\nfrequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set\nto less than the actual number of CPUs in the system, and the cpuspeed\nservice was started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network\neventually resulted in a CPU soft lockup and a system crash.\n(BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop\n(under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/001000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 189, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-0473\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-128.1.10.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-128.1.10.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-11T14:26:59", "description": "This update fixes the following security issues :\n\n - a logic error was found in the do_setlk() function of the Linux kernel Network File System (NFS) implementation. If a signal interrupted a lock request, the local POSIX lock was incorrectly created. This could cause a denial of service on the NFS server if a file descriptor was closed before its corresponding lock request returned. (CVE-2008-4307, Important)\n\n - a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments.\n (CVE-2009-0834, Important)\n\n - the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n - a flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers. This update does not remove any leaked data. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0787, Moderate)\n\n - the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n - the enic driver (Cisco 10G Ethernet) did not operate under virtualization. (BZ#472474)\n\n - network interfaces using the IBM eHEA Ethernet device driver could not be successfully configured under low-memory conditions. (BZ#487035)\n\n - bonding with the 'arp_validate=3' option may have prevented fail overs. (BZ#488064)\n\n - when running under virtualization, the acpi-cpufreq module wrote 'Domain attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n - NFS clients may have experienced deadlocks during unmount. (BZ#488929)\n\n - the ixgbe driver double counted the number of received bytes and packets. (BZ#489459)\n\n - the Wacom Intuos3 Lens Cursor device did not work correctly with the Wacom Intuos3 12x12 tablet.\n (BZ#489460)\n\n - on the Itanium® architecture, nanosleep() caused commands which used it, such as sleep and usleep, to sleep for one second more than expected. (BZ#490434)\n\n - a panic and corruption of slab cache data structures occurred on 64-bit PowerPC systems when clvmd was running. (BZ#491677)\n\n - the NONSTOP_TSC feature did not perform correctly on the Intel® microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n - keyboards may not have functioned on IBM eServer System p machines after a certain point during installation or afterward. (BZ#494293)\n\n - using Device Mapper Multipathing with the qla2xxx driver resulted in frequent path failures. (BZ#495635)\n\n - if the hypervisor was booted with the dom0_max_vcpus parameter set to less than the actual number of CPUs in the system, and the cpuspeed service was started, the hypervisor could crash. (BZ#495931)\n\n - using Openswan to provide an IPsec virtual private network eventually resulted in a CPU soft lockup and a system crash. (BZ#496044)\n\n - it was possible for posix_locks_deadlock() to enter an infinite loop (under the BKL), causing a system hang.\n (BZ#496842)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090507_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60581);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - a logic error was found in the do_setlk() function of\n the Linux kernel Network File System (NFS)\n implementation. If a signal interrupted a lock request,\n the local POSIX lock was incorrectly created. This could\n cause a denial of service on the NFS server if a file\n descriptor was closed before its corresponding lock\n request returned. (CVE-2008-4307, Important)\n\n - a deficiency was found in the Linux kernel system call\n auditing implementation on 64-bit systems. This could\n allow a local, unprivileged user to circumvent a system\n call audit configuration, if that configuration filtered\n based on the 'syscall' number or arguments.\n (CVE-2009-0834, Important)\n\n - the exit_notify() function in the Linux kernel did not\n properly reset the exit signal if a process executed a\n set user ID (setuid) application before exiting. This\n could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n\n - a flaw was found in the\n ecryptfs_write_metadata_to_contents() function of the\n Linux kernel eCryptfs implementation. On systems with a\n 4096 byte page-size, this flaw may have caused 4096\n bytes of uninitialized kernel memory to be written into\n the eCryptfs file headers, leading to an information\n leak. Note: Encrypted files created on systems running\n the vulnerable version of eCryptfs may contain leaked\n data in the eCryptfs file headers. This update does not\n remove any leaked data. Refer to the Knowledgebase\n article in the References section for further\n information. (CVE-2009-0787, Moderate)\n\n - the Linux kernel implementation of the Network File\n System (NFS) did not properly initialize the file name\n limit in the nfs_server data structure. This flaw could\n possibly lead to a denial of service on a client\n mounting an NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs :\n\n - the enic driver (Cisco 10G Ethernet) did not operate\n under virtualization. (BZ#472474)\n\n - network interfaces using the IBM eHEA Ethernet device\n driver could not be successfully configured under\n low-memory conditions. (BZ#487035)\n\n - bonding with the 'arp_validate=3' option may have\n prevented fail overs. (BZ#488064)\n\n - when running under virtualization, the acpi-cpufreq\n module wrote 'Domain attempted WRMSR' errors to the\n dmesg log. (BZ#488928)\n\n - NFS clients may have experienced deadlocks during\n unmount. (BZ#488929)\n\n - the ixgbe driver double counted the number of received\n bytes and packets. (BZ#489459)\n\n - the Wacom Intuos3 Lens Cursor device did not work\n correctly with the Wacom Intuos3 12x12 tablet.\n (BZ#489460)\n\n - on the Itanium® architecture, nanosleep() caused\n commands which used it, such as sleep and usleep, to\n sleep for one second more than expected. (BZ#490434)\n\n - a panic and corruption of slab cache data structures\n occurred on 64-bit PowerPC systems when clvmd was\n running. (BZ#491677)\n\n - the NONSTOP_TSC feature did not perform correctly on the\n Intel® microarchitecture (Nehalem) when running in\n 32-bit mode. (BZ#493356)\n\n - keyboards may not have functioned on IBM eServer System\n p machines after a certain point during installation or\n afterward. (BZ#494293)\n\n - using Device Mapper Multipathing with the qla2xxx driver\n resulted in frequent path failures. (BZ#495635)\n\n - if the hypervisor was booted with the dom0_max_vcpus\n parameter set to less than the actual number of CPUs in\n the system, and the cpuspeed service was started, the\n hypervisor could crash. (BZ#495931)\n\n - using Openswan to provide an IPsec virtual private\n network eventually resulted in a CPU soft lockup and a\n system crash. (BZ#496044)\n\n - it was possible for posix_locks_deadlock() to enter an\n infinite loop (under the BKL), causing a system hang.\n (BZ#496842)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=487035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=488064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=488928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=488929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=491677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=493356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=494293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496842\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=541\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0640b726\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_cwe_id(20, 189, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-128.1.10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-128.1.10.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-18T14:40:43", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\nCVE-2008-4307 Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.\n\nCVE-2009-1337 The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.\n\nCVE-2009-0834 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.\n\nCVE-2009-1336 fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.\n\n - CVE-2008-4307 -[nfs] remove bogus lock-if-signalled case (Bryn M. Reeves) [456287 456288]\n\n - CVE-2009-1337 - [misc] exit_notify: kill the wrong capable check \n\n - CVE-2009-0834 - [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko) [488001 488002]\n\n - CVE-2009-1336 - [nfs] v4: client crash on file lookup with long names (Sachin S. Prabhu) [494078 493942]", "cvss3": {}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.1 : kernel (OVMSA-2009-0009)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0342", "CVE-2009-0343", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-BOOT", "p-cpe:/a:oracle:vm:kernel-BOOT-devel", "p-cpe:/a:oracle:vm:kernel-kdump", "p-cpe:/a:oracle:vm:kernel-kdump-devel", "p-cpe:/a:oracle:vm:kernel-ovs", "p-cpe:/a:oracle:vm:kernel-ovs-devel", "cpe:/o:oracle:vm_server:2.1"], "id": "ORACLEVM_OVMSA-2009-0009.NASL", "href": "https://www.tenable.com/plugins/nessus/79456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0009.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79456);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0342\", \"CVE-2009-0343\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_bugtraq_id(33417, 33951, 34405);\n\n script_name(english:\"OracleVM 2.1 : kernel (OVMSA-2009-0009)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2008-4307 Race condition in the do_setlk function in fs/nfs/file.c\nin the Linux kernel before 2.6.26 allows local users to cause a denial\nof service (crash) via vectors resulting in an interrupted RPC call\nthat leads to a stray FL_POSIX lock, related to improper handling of a\nrace between fcntl and close in the EINTR case.\n\nCVE-2009-1337 The exit_notify function in kernel/exit.c in the Linux\nkernel before 2.6.30-rc1 does not restrict exit signals when the\nCAP_KILL capability is held, which allows local users to send an\narbitrary signal to a process by running a program that modifies the\nexit_signal field and then uses an exec system call to launch a setuid\napplication.\n\nCVE-2009-0834 The audit_syscall_entry function in the Linux kernel\n2.6.28.7 and earlier on the x86_64 platform does not properly handle\n(1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process\nmaking a 32-bit syscall, which allows local users to bypass certain\nsyscall audit configurations via crafted syscalls, a related issue to\nCVE-2009-0342 and CVE-2009-0343.\n\nCVE-2009-1336 fs/nfs/client.c in the Linux kernel before 2.6.23 does\nnot properly initialize a certain structure member that stores the\nmaximum NFS filename length, which allows local users to cause a\ndenial of service (OOPS) via a long filename, related to the\nencode_lookup function.\n\n - CVE-2008-4307 -[nfs] remove bogus lock-if-signalled case\n (Bryn M. Reeves) [456287 456288]\n\n - CVE-2009-1337 - [misc] exit_notify: kill the wrong\n capable check \n\n - CVE-2009-0834 - [ptrace] audit_syscall_entry to use\n right syscall number (Jiri Pirko) [488001 488002]\n\n - CVE-2009-1336 - [nfs] v4: client crash on file lookup\n with long names (Sachin S. Prabhu) [494078 493942]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000023.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-BOOT-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-BOOT-2.6.18-8.1.15.1.32.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-BOOT-devel-2.6.18-8.1.15.1.32.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-kdump-2.6.18-8.1.15.1.32.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-kdump-devel-2.6.18-8.1.15.1.32.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-ovs-2.6.18-8.1.15.1.32.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-ovs-devel-2.6.18-8.1.15.1.32.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-BOOT / kernel-BOOT-devel / kernel-kdump / kernel-kdump-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:54:18", "description": "NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. (CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service.\n(CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028)\n\nThe 64-bit syscall interfaces did not correctly handle sign extension.\nA local attacker could make malicious syscalls, possibly gaining root privileges. The x86_64 architecture was not affected. (CVE-2009-0029)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)\n\nThe Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676)\n\nThe syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-752-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0065", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-54", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:fglrx-control", "p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux", "p-cpe:/a:canonical:ubuntu_linux:linux-386", "p-cpe:/a:canonical:ubuntu_linux:linux-686", "p-cpe:/a:canonical:ubuntu_linux:linux-686-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-386", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-686", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-server", "p-cpe:/a:canonical:ubuntu_linux:linux-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-686", "p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-server", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common", "p-cpe:/a:canonical:ubuntu_linux:linux-server", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev", "p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx", "p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-752-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36418);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\");\n script_bugtraq_id(33113, 33846, 33948, 33951, 34020);\n script_xref(name:\"USN\", value:\"752-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-752-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NFS did not correctly handle races between fcntl and interrupts. A\nlocal attacker on an NFS mount could consume unlimited kernel memory,\nleading to a denial of service. (CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker\ncould cause a system panic, leading to a denial of service.\n(CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to\nparent processes, crossing privilege boundaries. A local attacker\ncould send arbitrary signals to parent processes, leading to a denial\nof service. (CVE-2009-0028)\n\nThe 64-bit syscall interfaces did not correctly handle sign extension.\nA local attacker could make malicious syscalls, possibly gaining root\nprivileges. The x86_64 architecture was not affected. (CVE-2009-0029)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A\nremote attacker could send specially crafted SCTP traffic causing a\nsystem crash, leading to a denial of service. (CVE-2009-0065)\n\nThe Dell platform device did not correctly validate user parameters. A\nlocal attacker could perform specially crafted reads to crash the\nsystem, leading to a denial of service. (CVE-2009-0322)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not\ncheck capabilities. A local user could reset statistics, potentially\ninterfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A\nlocal attacker could read leaked kernel memory, leading to a loss of\nprivacy. (CVE-2009-0676)\n\nThe syscall interface did not correctly validate parameters when\ncrossing the 64-bit/32-bit boundary. A local attacker could bypass\ncertain syscall restricts via crafted syscalls. (CVE-2009-0834,\nCVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl\ncalls when CONFIG_SHMEM was disabled. Ubuntu kernels were not\nvulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/752-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-control\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-752-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-firmware\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-firmware-2.6.15-54\", pkgver:\"3.11+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-control\", pkgver:\"8.25.18+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.25.18+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-386\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-686\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-686-smp\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-generic\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-k8\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-k8-smp\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-xeon\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-386\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-686\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-amd64-generic\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-amd64-k8\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-amd64-server\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-amd64-xeon\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-2.6.15-54-server\", pkgver:\"2.6.15-54.12\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-386\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-686\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-amd64-generic\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-amd64-k8\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-amd64-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-amd64-xeon\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-backports-modules-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-386\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-686\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-amd64-generic\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-amd64-k8\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-amd64-server\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-amd64-xeon\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-54-server\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-386\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-686\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-generic\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-k8\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-xeon\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-386\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-686\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-amd64-generic\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-amd64-k8\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-amd64-server\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-amd64-xeon\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-54-server\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-386\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-686\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-generic\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-k8\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-xeon\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-54-386\", pkgver:\"2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-54-686\", pkgver:\"2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-54-amd64-generic\", pkgver:\"2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-54-amd64-k8\", pkgver:\"2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-54-amd64-xeon\", pkgver:\"2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-386\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-686\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-amd64-generic\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-amd64-k8\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-amd64-xeon\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-server\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source\", pkgver:\"2.6.15.55\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-54.76\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx\", pkgver:\"1.0.8776+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.8776+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7174+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7174+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.8776+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7174+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.0.0-8.25.18+2.6.15.12-54.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.0.0-8.25.18+2.6.15.12-54.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avm-fritz-firmware / avm-fritz-firmware-2.6.15-54 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:50", "description": "NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected.\n(CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker could consume unlimited kernel memory, leading to a denial of service.\n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return codes. A local attacker with write-access to an eCryptfs filesystem could cause a system crash, leading to a denial of service.\n(CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local attacker could mount a malicious ext4 filesystem, causing a system crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences.\nA local attacker on the physical console could exploit this to cause a system crash, leading to a denial of service. (CVE-2009-1046).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0605", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-751-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-751-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37337);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0605\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\");\n script_bugtraq_id(33113, 33672, 33846, 33948, 33951, 34020);\n script_xref(name:\"USN\", value:\"751-1\");\n\n script_name(english:\"Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NFS did not correctly handle races between fcntl and interrupts. A\nlocal attacker on an NFS mount could consume unlimited kernel memory,\nleading to a denial of service. Ubuntu 8.10 was not affected.\n(CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker\ncould cause a system panic, leading to a denial of service. Ubuntu\n8.10 was not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to\nparent processes, crossing privilege boundaries. A local attacker\ncould send arbitrary signals to parent processes, leading to a denial\nof service. (CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker\ncould consume unlimited kernel memory, leading to a denial of service.\n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A\nremote attacker could send specially crafted SCTP traffic causing a\nsystem crash, leading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return\ncodes. A local attacker with write-access to an eCryptfs filesystem\ncould cause a system crash, leading to a denial of service.\n(CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A\nlocal attacker could perform specially crafted reads to crash the\nsystem, leading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker\ncould exploit this to crash the system or gain root privileges with a\nKprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not\ncheck capabilities. A local user could reset statistics, potentially\ninterfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A\nlocal attacker could read leaked kernel memory, leading to a loss of\nprivacy. (CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when\nresizing. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local\nattacker could mount a malicious ext4 filesystem, causing a system\ncrash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747,\nCVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when\ncrossing the 64-bit/32-bit boundary. A local attacker could bypass\ncertain syscall restricts via crafted syscalls. (CVE-2009-0834,\nCVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl\ncalls when CONFIG_SHMEM was disabled. Ubuntu kernels were not\nvulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences.\nA local attacker on the physical console could exploit this to cause a\nsystem crash, leading to a denial of service. (CVE-2009-1046).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/751-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0605\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-751-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-doc-2.6.22\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-rt\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-ume\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-xen\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-cell\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpia\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpiacompat\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-rt\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-ume\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-xen\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-source-2.6.22\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-openvz\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-rt\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-xen\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpia\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpiacompat\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-openvz\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-rt\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-xen\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-doc-2.6.27\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-generic\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-server\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-generic\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-server\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-virtual\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-source-2.6.27\", pkgver:\"2.6.27-11.31\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.22 / linux-doc-2.6.24 / linux-doc-2.6.27 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:01:10", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation, or information leak. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function.\n\n - CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC to crash the system by attempting to unwind a stack containing userspace addresses.\n\n - CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS where a local user could cause a system crash by crafting a malicious binary which makes o32 syscalls with a number less than 4000.\n\n - CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call.\n\n - CVE-2008-5713 Flavio Leitner discovered that a local user can cause a denial of service by generating large amounts of traffic on a large SMP system, resulting in soft lockups.\n\n - CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent.\n\n - CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all available kernel memory.\n\n - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution.\n\n - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.\n\n - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.\n\n - CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details.\n\n - CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.\n\n - CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.\n\n - CVE-2009-1336 Trond Myklebust reported an issue in the encode_lookup() function in the nfs server subsystem that allows local users to cause a denial of service (oops in encode_lookup()) by use of a long filename.\n\n - CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.\n\n - CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "nessus", "title": "Debian DSA-1794-1 : linux-2.6 - denial of service/privilege escalation/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-5395", "CVE-2008-5701", "CVE-2008-5702", "CVE-2008-5713", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0834", "CVE-2009-0859", "CVE-2009-1192", "CVE-2009-1265", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1439"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1794.NASL", "href": "https://www.tenable.com/plugins/nessus/38722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1794. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38722);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5395\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2008-5713\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1192\", \"CVE-2009-1265\", \"CVE-2009-1336\", \"CVE-2009-1337\", \"CVE-2009-1439\");\n script_bugtraq_id(33113, 33846, 33951, 34020, 34405, 34453, 34654, 34673);\n script_xref(name:\"DSA\", value:\"1794\");\n\n script_name(english:\"Debian DSA-1794-1 : linux-2.6 - denial of service/privilege escalation/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation, or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2008-4307\n Bryn M. Reeves reported a denial of service in the NFS\n filesystem. Local users can trigger a kernel BUG() due\n to a race condition in the do_setlk function.\n\n - CVE-2008-5395\n Helge Deller discovered a denial of service condition\n that allows local users on PA-RISC to crash the system\n by attempting to unwind a stack containing userspace\n addresses.\n\n - CVE-2008-5701\n Vlad Malov reported an issue on 64-bit MIPS where a\n local user could cause a system crash by crafting a\n malicious binary which makes o32 syscalls with a number\n less than 4000.\n\n - CVE-2008-5702\n Zvonimir Rakamaric reported an off-by-one error in the\n ib700wdt watchdog driver which allows local users to\n cause a buffer underflow by making a specially crafted\n WDIOC_SETTIMEOUT ioctl call.\n\n - CVE-2008-5713\n Flavio Leitner discovered that a local user can cause a\n denial of service by generating large amounts of traffic\n on a large SMP system, resulting in soft lockups.\n\n - CVE-2009-0028\n Chris Evans discovered a situation in which a child\n process can send an arbitrary signal to its parent.\n\n - CVE-2009-0029\n Christian Borntraeger discovered an issue effecting the\n alpha, mips, powerpc, s390 and sparc64 architectures\n that allows local users to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2009-0031\n Vegard Nossum discovered a memory leak in the keyctl\n subsystem that allows local users to cause a denial of\n service by consuming all available kernel memory.\n\n - CVE-2009-0065\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users,\n permitting remote code execution.\n\n - CVE-2009-0322\n Pavel Roskin provided a fix for an issue in the dell_rbu\n driver that allows a local user to cause a denial of\n service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0675\n Roel Kluin discovered inverted logic in the skfddi\n driver that permits local, unprivileged users to reset\n the driver statistics.\n\n - CVE-2009-0676\n Clement LECIGNE discovered a bug in the sock_getsockopt\n function that may result in leaking sensitive kernel\n memory.\n\n - CVE-2009-0834\n Roland McGrath discovered an issue on amd64 kernels that\n allows local users to circumvent system call audit\n configurations which filter based on the syscall numbers\n or argument details.\n\n - CVE-2009-0859\n Jiri Olsa discovered that a local user can cause a\n denial of service (system hang) using a SHM_INFO shmctl\n call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1192\n Shaohua Li reported an issue in the AGP subsystem that\n may allow local users to read sensitive kernel memory\n due to a leak of uninitialized memory.\n\n - CVE-2009-1265\n Thomas Pollet reported an overflow in the af_rose\n implementation that allows remote attackers to retrieve\n uninitialized kernel memory that may contain sensitive\n data.\n\n - CVE-2009-1336\n Trond Myklebust reported an issue in the encode_lookup()\n function in the nfs server subsystem that allows local\n users to cause a denial of service (oops in\n encode_lookup()) by use of a long filename.\n\n - CVE-2009-1337\n Oleg Nesterov discovered an issue in the exit_notify\n function that allows local users to send an arbitrary\n signal to a process by running a program that modifies\n the exit_signal field and then uses an exec system call\n to launch a setuid application.\n\n - CVE-2009-1439\n Pavan Naregundi reported an issue in the CIFS filesystem\n code that allows remote users to overwrite memory via a\n long nativeFileSystem field in a Tree Connect response\n during mount.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1794\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-24etch2.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"fai-kernels\", reference:\"1.17+etch.24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.18\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-alpha\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-arm\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-hppa\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-i386\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-ia64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mips\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mipsel\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-powerpc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-s390\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-sparc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-footbridge\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-iop32x\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-ixp4xx\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-ip22\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-ip32\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-rpc\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s3c2410\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-footbridge\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-iop32x\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-ixp4xx\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-ip22\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-ip32\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-rpc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390-tape\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s3c2410\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.18\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.18\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.18\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.18-6\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.18\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"user-mode-linux\", reference:\"2.6.18-1um-2etch.24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:01:35", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function.\n\n - CVE-2008-5079 Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc.\n\n - CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC systems to crash a system by attempting to unwind a stack containing userspace addresses.\n\n - CVE-2008-5700 Alan Cox discovered a lack of minimum timeouts on SG_IO requests, which allows local users of systems using ATA to cause a denial of service by forcing drives into PIO mode.\n\n - CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS systems where a local user could cause a system crash by crafing a malicious binary which makes o32 syscalls with a number less than 4000.\n\n - CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call.\n\n - CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent.\n\n - CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.\n\n - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution.\n\n - CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).\n\n - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.\n\n - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.\n\n - CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.\n\n - CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details.\n\n - CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters.\n\n - CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.\n\n - CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops.\n\n - CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.\n\n - CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.\n\n - CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace.\n\n - CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.", "cvss3": {}, "published": "2009-05-04T00:00:00", "type": "nessus", "title": "Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-5079", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5701", "CVE-2008-5702", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0834", "CVE-2009-0859", "CVE-2009-1046", "CVE-2009-1192", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1338", "CVE-2009-1439"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6.24", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1787.NASL", "href": "https://www.tenable.com/plugins/nessus/38668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1787. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38668);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5079\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_bugtraq_id(32676, 33113, 33672, 33846, 33951, 34020, 34405, 34453, 34654, 34673);\n script_xref(name:\"DSA\", value:\"1787\");\n\n script_name(english:\"Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-4307\n Bryn M. Reeves reported a denial of service in the NFS\n filesystem. Local users can trigger a kernel BUG() due\n to a race condition in the do_setlk function.\n\n - CVE-2008-5079\n Hugo Dias reported a DoS condition in the ATM subsystem\n that can be triggered by a local user by calling the\n svc_listen function twice on the same socket and reading\n /proc/net/atm/*vc.\n\n - CVE-2008-5395\n Helge Deller discovered a denial of service condition\n that allows local users on PA-RISC systems to crash a\n system by attempting to unwind a stack containing\n userspace addresses.\n\n - CVE-2008-5700\n Alan Cox discovered a lack of minimum timeouts on SG_IO\n requests, which allows local users of systems using ATA\n to cause a denial of service by forcing drives into PIO\n mode.\n\n - CVE-2008-5701\n Vlad Malov reported an issue on 64-bit MIPS systems\n where a local user could cause a system crash by crafing\n a malicious binary which makes o32 syscalls with a\n number less than 4000.\n\n - CVE-2008-5702\n Zvonimir Rakamaric reported an off-by-one error in the\n ib700wdt watchdog driver which allows local users to\n cause a buffer underflow by making a specially crafted\n WDIOC_SETTIMEOUT ioctl call.\n\n - CVE-2009-0028\n Chris Evans discovered a situation in which a child\n process can send an arbitrary signal to its parent.\n\n - CVE-2009-0029\n Christian Borntraeger discovered an issue effecting the\n alpha, mips, powerpc, s390 and sparc64 architectures\n that allows local users to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2009-0031\n Vegard Nossum discovered a memory leak in the keyctl\n subsystem that allows local users to cause a denial of\n service by consuming all of kernel memory.\n\n - CVE-2009-0065\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users,\n permitting remote code execution.\n\n - CVE-2009-0269\n Duane Griffin provided a fix for an issue in the\n eCryptfs subsystem which allows local users to cause a\n denial of service (fault or memory corruption).\n\n - CVE-2009-0322\n Pavel Roskin provided a fix for an issue in the dell_rbu\n driver that allows a local user to cause a denial of\n service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0675\n Roel Kluin discovered inverted logic in the skfddi\n driver that permits local, unprivileged users to reset\n the driver statistics.\n\n - CVE-2009-0676\n Clement LECIGNE discovered a bug in the sock_getsockopt\n function that may result in leaking sensitive kernel\n memory.\n\n - CVE-2009-0745\n Peter Kerwien discovered an issue in the ext4 filesystem\n that allows local users to cause a denial of service\n (kernel oops) during a resize operation.\n\n - CVE-2009-0834\n Roland McGrath discovered an issue on amd64 kernels that\n allows local users to circumvent system call audit\n configurations which filter based on the syscall numbers\n or argument details.\n\n - CVE-2009-0859\n Jiri Olsa discovered that a local user can cause a\n denial of service (system hang) using a SHM_INFO shmctl\n call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1046\n Mikulas Patocka reported an issue in the console\n subsystem that allows a local user to cause memory\n corruption by selecting a small number of 3-byte UTF-8\n characters.\n\n - CVE-2009-1192\n Shaohua Li reported an issue in the AGP subsystem that\n may allow local users to read sensitive kernel memory\n due to a leak of uninitialized memory.\n\n - CVE-2009-1242\n Benjamin Gilbert reported a local denial of service\n vulnerability in the KVM VMX implementation that allows\n local users to trigger an oops.\n\n - CVE-2009-1265\n Thomas Pollet reported an overflow in the af_rose\n implementation that allows remote attackers to retrieve\n uninitialized kernel memory that may contain sensitive\n data.\n\n - CVE-2009-1337\n Oleg Nesterov discovered an issue in the exit_notify\n function that allows local users to send an arbitrary\n signal to a process by running a program that modifies\n the exit_signal field and then uses an exec system call\n to launch a setuid application.\n\n - CVE-2009-1338\n Daniel Hokka Zakrisson discovered that a kill(-1) is\n permitted to reach processes outside of the current\n process namespace.\n\n - CVE-2009-1439\n Pavan Naregundi reported an issue in the CIFS filesystem\n code that allows remote users to overwrite memory via a\n long nativeFileSystem field in a Tree Connect response\n during mount.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1787\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6.24 packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 2.6.24-6~etchnhalf.8etch1.\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch' concludes.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, lower severity 2.6.18 and 2.6.24 updates will\ntypically release in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-common\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.24-etchnhalf.1\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:14:38", "description": "a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.\n\nb. Update Apache Tomcat version\n\n Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.\n c. Third-party library update for ntp.\n The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.\n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user.\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.\n The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n The Service Console present in ESX is affected by the following security issues.\n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user.\n NTP authentication is not enabled by default on the Service Console.\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.\n A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security issues listed below.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164.\n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5.\n\n When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges.\n\n Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service.\n\n Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n\n Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption).\n\n Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service.\n\n An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n\n A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.\n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\n A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an assertion failure.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue.\n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8.\n\n libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.\n\n A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service.\n\n Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues.\n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue\n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2009-11-23T00:00:00", "type": "nessus", "title": "VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5966", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-1947", "CVE-2008-2315", "CVE-2008-2370", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-3528", "CVE-2008-4307", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5515", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0033", "CVE-2009-0159", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0580", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0696", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0778", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1072", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1192", "CVE-2009-1252", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2417", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-2730", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.0.3", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esxi:3.5", "cpe:/o:vmware:esxi:4.0"], "id": "VMWARE_VMSA-2009-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/42870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2009-0016. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42870);\n script_version(\"1.44\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5966\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-1947\", \"CVE-2008-2315\", \"CVE-2008-2370\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-3528\", \"CVE-2008-4307\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-5515\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0033\", \"CVE-2009-0159\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0580\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0696\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0778\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1072\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-1192\", \"CVE-2009-1252\", \"CVE-2009-1336\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2414\", \"CVE-2009-2416\", \"CVE-2009-2417\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2692\", \"CVE-2009-2698\", \"CVE-2009-2716\", \"CVE-2009-2718\", \"CVE-2009-2719\", \"CVE-2009-2720\", \"CVE-2009-2721\", \"CVE-2009-2722\", \"CVE-2009-2723\", \"CVE-2009-2724\", \"CVE-2009-2847\", \"CVE-2009-2848\");\n script_bugtraq_id(25696, 26070, 26880, 27006, 27703, 27706, 28715, 28749, 29502, 30491, 30494, 30496, 31932, 31976, 33187, 33846, 33951, 34205, 34240, 34405, 34453, 34481, 34612, 34673, 34934, 35017, 35185, 35193, 35196, 35263, 35281, 35416, 35647, 35848, 35850, 35851, 35922, 35930, 35939, 35943, 35944, 35946, 35958, 36010, 36032, 36038, 36108);\n script_xref(name:\"VMSA\", value:\"2009-0016\");\n\n script_name(english:\"VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.\n\nb. Update Apache Tomcat version\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5)\n which addresses multiple security issues that existed\n in the previous version of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515,\n CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002.\n \n c. Third-party library update for ntp.\n \n The Network Time Protocol (NTP) is used to synchronize a computer's\n time with a referenced time source.\n \n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory.\n \n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the 'ntp' user.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue.\n \n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0.\n \nd. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2\n \n The Network Time Protocol (NTP) is used to synchronize a computer's\n time with a referenced time source.\n \n The Service Console present in ESX is affected by the following\n security issues.\n \n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the 'ntp' user.\n \n NTP authentication is not enabled by default on the Service Console.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue.\n \n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue.\n \n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues listed below.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164.\n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5.\n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter's privileges.\n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service.\n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter's privileges.\n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption).\n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service.\n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter's privileges.\n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.\n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly.\n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the 'ANY' record type. A remote attacker could\n use this flaw to send a specially crafted dynamic update packet\n that could cause named to exit with an assertion failure.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue.\n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8.\n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files.\n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service.\n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues.\n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published 'null prefix attack',\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000087.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2009-11-20\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-201002204-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-201002205-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-201002206-SG\")) flag++;\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201002402-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201002404-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201002407-SG\")) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-201003403-SG\",\n patch_updates : make_list(\"ESX350-201203401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911201-UG\",\n patch_updates : make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911223-UG\",\n patch_updates : make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911232-SG\",\n patch_updates : make_list(\"ESX400-201009409-SG\", \"ESX400-201203403-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911233-SG\",\n patch_updates : make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911234-SG\",\n patch_updates : make_list(\"ESX400-201209402-SG\", \"ESX400-201305404-SG\", \"ESX400-201310402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911235-SG\",\n patch_updates : make_list(\"ESX400-201203402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911237-SG\",\n patch_updates : make_list(\"ESX400-201005408-SG\", \"ESX400-201103407-SG\", \"ESX400-201305403-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911238-SG\",\n patch_updates : make_list(\"ESX400-201005404-SG\", \"ESX400-201404402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 3.5.0\", patch:\"ESXe350-201002401-O-SG\")) flag++;\n\nif (esx_check(ver:\"ESXi 4.0\", patch:\"ESXi400-200911201-UG\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:34:18", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :\n\n - Apache Geronimo\n - Apache Tomcat\n - Apache Xerces2\n - cURL/libcURL\n - ISC BIND\n - Libxml2\n - Linux kernel\n - Linux kernel 64-bit\n - Linux kernel Common Internet File System\n - Linux kernel eCryptfs\n - NTP\n - Python\n - Java Runtime Environment (JRE)\n - Java SE Development Kit (JDK)\n - Java SE Abstract Window Toolkit (AWT)\n - Java SE Plugin\n - Java SE Provider\n - Java SE Swing\n - Java SE Web Start", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5966", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-1947", "CVE-2008-2315", "CVE-2008-2370", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-3528", "CVE-2008-4307", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5515", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0033", "CVE-2009-0159", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0580", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0696", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0778", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1072", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1192", "CVE-2009-1252", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2417", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2009-0016_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89117);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2007-2052\",\n \"CVE-2007-4965\",\n \"CVE-2007-5333\",\n \"CVE-2007-5342\",\n \"CVE-2007-5461\",\n \"CVE-2007-5966\",\n \"CVE-2007-6286\",\n \"CVE-2008-0002\",\n \"CVE-2008-1232\",\n \"CVE-2008-1721\",\n \"CVE-2008-1887\",\n \"CVE-2008-1947\",\n \"CVE-2008-2315\",\n \"CVE-2008-2370\",\n \"CVE-2008-3142\",\n \"CVE-2008-3143\",\n \"CVE-2008-3144\",\n \"CVE-2008-3528\",\n \"CVE-2008-4307\",\n \"CVE-2008-4864\",\n \"CVE-2008-5031\",\n \"CVE-2008-5515\",\n \"CVE-2008-5700\",\n \"CVE-2009-0028\",\n \"CVE-2009-0033\",\n \"CVE-2009-0159\",\n \"CVE-2009-0269\",\n \"CVE-2009-0322\",\n \"CVE-2009-0580\",\n \"CVE-2009-0675\",\n \"CVE-2009-0676\",\n \"CVE-2009-0696\",\n \"CVE-2009-0745\",\n \"CVE-2009-0746\",\n \"CVE-2009-0747\",\n \"CVE-2009-0748\",\n \"CVE-2009-0778\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-0787\",\n \"CVE-2009-0834\",\n \"CVE-2009-1072\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\",\n \"CVE-2009-1192\",\n \"CVE-2009-1252\",\n \"CVE-2009-1336\",\n \"CVE-2009-1337\",\n \"CVE-2009-1385\",\n \"CVE-2009-1388\",\n \"CVE-2009-1389\",\n \"CVE-2009-1439\",\n \"CVE-2009-1630\",\n \"CVE-2009-1633\",\n \"CVE-2009-1895\",\n \"CVE-2009-2406\",\n \"CVE-2009-2407\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2417\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2672\",\n \"CVE-2009-2673\",\n \"CVE-2009-2675\",\n \"CVE-2009-2676\",\n \"CVE-2009-2692\",\n \"CVE-2009-2698\",\n \"CVE-2009-2716\",\n \"CVE-2009-2718\",\n \"CVE-2009-2719\",\n \"CVE-2009-2720\",\n \"CVE-2009-2721\",\n \"CVE-2009-2722\",\n \"CVE-2009-2723\",\n \"CVE-2009-2724\",\n \"CVE-2009-2847\",\n \"CVE-2009-2848\"\n );\n script_bugtraq_id(\n 23887,\n 25696,\n 26070,\n 26880,\n 27006,\n 27703,\n 27706,\n 28715,\n 28749,\n 29502,\n 30491,\n 30494,\n 30496,\n 31932,\n 33187,\n 33237,\n 33412,\n 33428,\n 33618,\n 33846,\n 33906,\n 33951,\n 34084,\n 34205,\n 34216,\n 34240,\n 34390,\n 34405,\n 34453,\n 34481,\n 34612,\n 34673,\n 34934,\n 35017,\n 35185,\n 35193,\n 35196,\n 35263,\n 35281,\n 35416,\n 35559,\n 35647,\n 35848,\n 35850,\n 35851,\n 35922,\n 35929,\n 35930,\n 35939,\n 35943,\n 35944,\n 35946,\n 35958,\n 36010,\n 36032,\n 36038,\n 36108,\n 49470\n );\n script_xref(name:\"VMSA\", value:\"2009-0016\");\n\n script_name(english:\"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in the following components :\n\n - Apache Geronimo\n - Apache Tomcat\n - Apache Xerces2\n - cURL/libcURL\n - ISC BIND\n - Libxml2\n - Linux kernel\n - Linux kernel 64-bit\n - Linux kernel Common Internet File System\n - Linux kernel eCryptfs\n - NTP\n - Python\n - Java Runtime Environment (JRE)\n - Java SE Development Kit (JDK)\n - Java SE Abstract Window Toolkit (AWT)\n - Java SE Plugin\n - Java SE Provider\n - Java SE Swing\n - Java SE Web Start\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2009-0016\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX / ESXi version 3.5 / 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 310, 362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nfixes = make_array();\nfixes[\"ESX 3.5\"] = 227413;\nfixes[\"ESXi 3.5\"] = 226117;\nfixes[\"ESX 4.0\"] = 208167;\nfixes[\"ESXi 4.0\"] = 208167;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n padding = crap(data:\" \", length:8 - strlen(type)); # Spacing alignment\n\n report = '\\n ' + type + ' version' + padding + ': ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE, xss:TRUE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:56:06", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0459.\n\nSecurity fixes:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to user-space\nwhen the getsockopt() function is called with SO_BSDCOMPAT optname set.\nThis flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nFor details on other non-security related bug fixes, please visit\nthe referenced advisories.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0459", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63911", "href": "http://plugins.openvas.org/nasl.php?oid=63911", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0459.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0459 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0459.\n\nSecurity fixes:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to user-space\nwhen the getsockopt() function is called with SO_BSDCOMPAT optname set.\nThis flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nFor details on other non-security related bug fixes, please visit\nthe referenced advisories.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63911);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0459\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0459.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0459.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0459 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63946", "href": "http://plugins.openvas.org/nasl.php?oid=63946", "sourceData": "#CESA-2009:0459 63946 2\n# $Id: ovcesa2009_0459.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0459 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0459\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0459\nhttps://rhn.redhat.com/errata/RHSA-2009-0459.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0459.\";\n\n\n\nif(description)\n{\n script_id(63946);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0459 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:33", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:0459 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880941", "href": "http://plugins.openvas.org/nasl.php?oid=880941", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:0459 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * a logic error was found in the do_setlk() function of the Linux kernel\n Network File System (NFS) implementation. If a signal interrupted a lock\n request, the local POSIX lock was incorrectly created. This could cause a\n denial of service on the NFS server if a file descriptor was closed before\n its corresponding lock request returned. (CVE-2008-4307, Important)\n \n * a deficiency was found in the Linux kernel system call auditing\n implementation on 64-bit systems. This could allow a local, unprivileged\n user to circumvent a system call audit configuration, if that configuration\n filtered based on the "syscall" number or arguments.\n (CVE-2009-0834, Important)\n \n * Chris Evans reported a deficiency in the Linux kernel signals\n implementation. The clone() system call permits the caller to indicate the\n signal it wants to receive when its child exits. When clone() is called\n with the CLONE_PARENT flag, it permits the caller to clone a new child that\n shares the same parent as itself, enabling the indicated signal to be sent\n to the caller's parent (instead of the caller), even if the caller's parent\n has different real and effective user IDs. This could lead to a denial of\n service of the parent. (CVE-2009-0028, Moderate)\n \n * the sock_getsockopt() function in the Linux kernel did not properly\n initialize a data structure that can be directly returned to user-space\n when the getsockopt() function is called with SO_BSDCOMPAT optname set.\n This flaw could possibly lead to memory disclosure.\n (CVE-2009-0676, Moderate)\n \n Bug fixes:\n \n * a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests\n if their guest configuration file specified "vif = [ "type=ioemu" ]". This\n crash only occurred when starting guests via the "xm create" command.\n (BZ#477146)\n \n * a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux\n 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during\n installation and "NMI received for unknown reason [xx]" errors may have\n occurred. (BZ#479184)\n \n * a kernel deadlock on some systems when using netdump through a network\n interface that uses the igb driver. (BZ#480579)\n \n * a possible kernel hang in sys_ptrace() on the Itanium architecture,\n possibly triggered by tracing a threaded process with strace. (BZ#484904)\n \n * the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic\n LSI53C1030 Ultra320 SCSI controller, for ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015839.html\");\n script_id(880941);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0459\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_name(\"CentOS Update for kernel CESA-2009:0459 centos4 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:0459 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880941", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880941", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:0459 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015839.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880941\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0459\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_name(\"CentOS Update for kernel CESA-2009:0459 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 4\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * a logic error was found in the do_setlk() function of the Linux kernel\n Network File System (NFS) implementation. If a signal interrupted a lock\n request, the local POSIX lock was incorrectly created. This could cause a\n denial of service on the NFS server if a file descriptor was closed before\n its corresponding lock request returned. (CVE-2008-4307, Important)\n\n * a deficiency was found in the Linux kernel system call auditing\n implementation on 64-bit systems. This could allow a local, unprivileged\n user to circumvent a system call audit configuration, if that configuration\n filtered based on the 'syscall' number or arguments.\n (CVE-2009-0834, Important)\n\n * Chris Evans reported a deficiency in the Linux kernel signals\n implementation. The clone() system call permits the caller to indicate the\n signal it wants to receive when its child exits. When clone() is called\n with the CLONE_PARENT flag, it permits the caller to clone a new child that\n shares the same parent as itself, enabling the indicated signal to be sent\n to the caller's parent (instead of the caller), even if the caller's parent\n has different real and effective user IDs. This could lead to a denial of\n service of the parent. (CVE-2009-0028, Moderate)\n\n * the sock_getsockopt() function in the Linux kernel did not properly\n initialize a data structure that can be directly returned to user-space\n when the getsockopt() function is called with SO_BSDCOMPAT optname set.\n This flaw could possibly lead to memory disclosure.\n (CVE-2009-0676, Moderate)\n\n Bug fixes:\n\n * a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests\n if their guest configuration file specified 'vif = [ 'type=ioemu' ]'. This\n crash only occurred when starting guests via the 'xm create' command.\n (BZ#477146)\n\n * a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux\n 4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during\n installation and 'NMI received for unknown reason [xx]' errors may have\n occurred. (BZ#479184)\n\n * a kernel deadlock on some systems when using netdump through a network\n interface that uses the igb driver. (BZ#480579)\n\n * a possible kernel hang in sys_ptrace() on the Itanium architecture,\n possibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n * the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic\n LSI53C1030 Ultra320 SCSI controller, for ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-04-06T11:38:33", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0459.\n\nSecurity fixes:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to user-space\nwhen the getsockopt() function is called with SO_BSDCOMPAT optname set.\nThis flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nFor details on other non-security related bug fixes, please visit\nthe referenced advisories.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0459", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063911", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063911", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0459.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0459 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0459.\n\nSecurity fixes:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to user-space\nwhen the getsockopt() function is called with SO_BSDCOMPAT optname set.\nThis flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nFor details on other non-security related bug fixes, please visit\nthe referenced advisories.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63911\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0459\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0459.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.22.EL\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:02", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0459.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0459 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063946", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063946", "sourceData": "#CESA-2009:0459 63946 2\n# $Id: ovcesa2009_0459.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0459 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0459\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0459\nhttps://rhn.redhat.com/errata/RHSA-2009-0459.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0459.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63946\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0676\", \"CVE-2009-0834\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0459 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~78.0.22.EL\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:58", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0473.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0473 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63970", "href": "http://plugins.openvas.org/nasl.php?oid=63970", "sourceData": "#CESA-2009:0473 63970 2\n# $Id: ovcesa2009_0473.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0473 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0473\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0473\nhttps://rhn.redhat.com/errata/RHSA-2009-0473.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0473.\";\n\n\n\nif(description)\n{\n script_id(63970);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"CentOS Security Advisory CESA-2009:0473 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:40", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0473.\n\nThis update fixes the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of\nthe Linux kernel eCryptfs implementation. On systems with a 4096 byte\npage-size, this flaw may have caused 4096 bytes of uninitialized kernel\nmemory to be written into the eCryptfs file headers, leading to an\ninformation leak. Note: Encrypted files created on systems running the\nvulnerable version of eCryptfs may contain leaked data in the eCryptfs file\nheaders. This update does not remove any leaked data. Refer to the\nKnowledgebase article in the References section for further information.\n(CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not\nproperly initialize the file name limit in the nfs_server data structure.\nThis flaw could possibly lead to a denial of service on a client mounting\nan NFS share. (CVE-2009-1336, Moderate)\n\nFor additional details on bugs fixed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0473", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63947", "href": "http://plugins.openvas.org/nasl.php?oid=63947", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0473.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0473 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0473.\n\nThis update fixes the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of\nthe Linux kernel eCryptfs implementation. On systems with a 4096 byte\npage-size, this flaw may have caused 4096 bytes of uninitialized kernel\nmemory to be written into the eCryptfs file headers, leading to an\ninformation leak. Note: Encrypted files created on systems running the\nvulnerable version of eCryptfs may contain leaked data in the eCryptfs file\nheaders. This update does not remove any leaked data. Refer to the\nKnowledgebase article in the References section for further information.\n(CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not\nproperly initialize the file name limit in the nfs_server data structure.\nThis flaw could possibly lead to a denial of service on a client mounting\nan NFS share. (CVE-2009-1336, Moderate)\n\nFor additional details on bugs fixed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63947);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"RedHat Security Advisory RHSA-2009:0473\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0473.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://kbase.redhat.com/faq/docs/DOC-16748\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-devel\", rpm:\"kernel-kdump-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:42", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:0473 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880841", "href": "http://plugins.openvas.org/nasl.php?oid=880841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:0473 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * a logic error was found in the do_setlk() function of the Linux kernel\n Network File System (NFS) implementation. If a signal interrupted a lock\n request, the local POSIX lock was incorrectly created. This could cause a\n denial of service on the NFS server if a file descriptor was closed before\n its corresponding lock request returned. (CVE-2008-4307, Important)\n \n * a deficiency was found in the Linux kernel system call auditing\n implementation on 64-bit systems. This could allow a local, unprivileged\n user to circumvent a system call audit configuration, if that configuration\n filtered based on the "syscall" number or arguments.\n (CVE-2009-0834, Important)\n \n * the exit_notify() function in the Linux kernel did not properly reset the\n exit signal if a process executed a set user ID (setuid) application before\n exiting. This could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n \n * a flaw was found in the ecryptfs_write_metadata_to_contents() function of\n the Linux kernel eCryptfs implementation. On systems with a 4096 byte\n page-size, this flaw may have caused 4096 bytes of uninitialized kernel\n memory to be written into the eCryptfs file headers, leading to an\n information leak. Note: Encrypted files created on systems running the\n vulnerable version of eCryptfs may contain leaked data in the eCryptfs file\n headers. This update does not remove any leaked data. Refer to the\n Knowledgebase article in the References section for further information.\n (CVE-2009-0787, Moderate)\n \n * the Linux kernel implementation of the Network File System (NFS) did not\n properly initialize the file name limit in the nfs_server data structure.\n This flaw could possibly lead to a denial of service on a client mounting\n an NFS share. (CVE-2009-1336, Moderate)\n \n This update also fixes the following bugs:\n \n * the enic driver (Cisco 10G Ethernet) did not operate under\n virtualization. (BZ#472474)\n \n * network interfaces using the IBM eHEA Ethernet device driver could not be\n successfully configured under low-memory conditions. (BZ#487035)\n \n * bonding with the "arp_validate=3" option may have prevented fail overs.\n (BZ#488064)\n \n * when running under virtualization, the acpi-cpufreq module wrote "Domain\n attempted WRMSR" errors to the dmesg log. (BZ#488928)\n \n * NFS clients may have experienced deadlocks during unmount. (BZ#488929)\n \n * the ixgbe drive ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015845.html\");\n script_id(880841);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2009:0473\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_name(\"CentOS Update for kernel CESA-2009:0473 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:50", "description": "Oracle Linux Local Security Checks ELSA-2009-0473", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0473", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122489", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0473.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122489\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:29 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0473\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0473 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0473\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0473.html\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5~1.4.1~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5PAE~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5PAE~1.4.1~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5debug~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5debug~1.4.1~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5xen~1.2.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~128.1.10.0.1.el5xen~1.4.1~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.1.10.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.1.10.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.1.10.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~128.1.10.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2018-04-06T11:40:10", "description": "The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0473.\n\nThis update fixes the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of\nthe Linux kernel eCryptfs implementation. On systems with a 4096 byte\npage-size, this flaw may have caused 4096 bytes of uninitialized kernel\nmemory to be written into the eCryptfs file headers, leading to an\ninformation leak. Note: Encrypted files created on systems running the\nvulnerable version of eCryptfs may contain leaked data in the eCryptfs file\nheaders. This update does not remove any leaked data. Refer to the\nKnowledgebase article in the References section for further information.\n(CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not\nproperly initialize the file name limit in the nfs_server data structure.\nThis flaw could possibly lead to a denial of service on a client mounting\nan NFS share. (CVE-2009-1336, Moderate)\n\nFor additional details on bugs fixed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0473", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063947", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063947", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0473.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0473 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to the kernel announced in\nadvisory RHSA-2009:0473.\n\nThis update fixes the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of\nthe Linux kernel eCryptfs implementation. On systems with a 4096 byte\npage-size, this flaw may have caused 4096 bytes of uninitialized kernel\nmemory to be written into the eCryptfs file headers, leading to an\ninformation leak. Note: Encrypted files created on systems running the\nvulnerable version of eCryptfs may contain leaked data in the eCryptfs file\nheaders. This update does not remove any leaked data. Refer to the\nKnowledgebase article in the References section for further information.\n(CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not\nproperly initialize the file name limit in the nfs_server data structure.\nThis flaw could possibly lead to a denial of service on a client mounting\nan NFS share. (CVE-2009-1336, Moderate)\n\nFor additional details on bugs fixed in this update, please visit\nthe referenced security advisories.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63947\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"RedHat Security Advisory RHSA-2009:0473\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0473.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://kbase.redhat.com/faq/docs/DOC-16748\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-devel\", rpm:\"kernel-kdump-devel~2.6.18~128.1.10.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2009:0473 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880841", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2009:0473 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015845.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880841\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2009:0473\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_name(\"CentOS Update for kernel CESA-2009:0473 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * a logic error was found in the do_setlk() function of the Linux kernel\n Network File System (NFS) implementation. If a signal interrupted a lock\n request, the local POSIX lock was incorrectly created. This could cause a\n denial of service on the NFS server if a file descriptor was closed before\n its corresponding lock request returned. (CVE-2008-4307, Important)\n\n * a deficiency was found in the Linux kernel system call auditing\n implementation on 64-bit systems. This could allow a local, unprivileged\n user to circumvent a system call audit configuration, if that configuration\n filtered based on the 'syscall' number or arguments.\n (CVE-2009-0834, Important)\n\n * the exit_notify() function in the Linux kernel did not properly reset the\n exit signal if a process executed a set user ID (setuid) application before\n exiting. This could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n\n * a flaw was found in the ecryptfs_write_metadata_to_contents() function of\n the Linux kernel eCryptfs implementation. On systems with a 4096 byte\n page-size, this flaw may have caused 4096 bytes of uninitialized kernel\n memory to be written into the eCryptfs file headers, leading to an\n information leak. Note: Encrypted files created on systems running the\n vulnerable version of eCryptfs may contain leaked data in the eCryptfs file\n headers. This update does not remove any leaked data. Refer to the\n Knowledgebase article in the References section for further information.\n (CVE-2009-0787, Moderate)\n\n * the Linux kernel implementation of the Network File System (NFS) did not\n properly initialize the file name limit in the nfs_server data structure.\n This flaw could possibly lead to a denial of service on a client mounting\n an NFS share. (CVE-2009-1336, Moderate)\n\n This update also fixes the following bugs:\n\n * the enic driver (Cisco 10G Ethernet) did not operate under\n virtualization. (BZ#472474)\n\n * network interfaces using the IBM eHEA Ethernet device driver could not be\n successfully configured under low-memory conditions. (BZ#487035)\n\n * bonding with the 'arp_validate=3' option may have prevented fail overs.\n (BZ#488064)\n\n * when running under virtualization, the acpi-cpufreq module wrote 'Domain\n attempted WRMSR' errors to the dmesg log. (BZ#488928)\n\n * NFS clients may have experienced deadlocks during unmount. (BZ#488929)\n\n * the ixgbe drive ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2018-04-06T11:39:55", "description": "The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0473.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0473 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063970", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063970", "sourceData": "#CESA-2009:0473 63970 2\n# $Id: ovcesa2009_0473.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0473 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0473\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0473\nhttps://rhn.redhat.com/errata/RHSA-2009-0473.html\";\ntag_summary = \"The remote host is missing updates to kernel announced in\nadvisory CESA-2009:0473.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63970\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1336\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"CentOS Security Advisory CESA-2009:0473 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~128.1.10.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:22", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0835", "CVE-2009-1337", "CVE-2009-0834"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63908", "href": "http://plugins.openvas.org/nasl.php?oid=63908", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0451.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0451 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63908);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1046\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0451\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0451.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug\", rpm:\"kernel-rt-debug~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-debuginfo\", rpm:\"kernel-rt-debug-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-devel\", rpm:\"kernel-rt-debug-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo\", rpm:\"kernel-rt-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo-common\", rpm:\"kernel-rt-debuginfo-common~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-devel\", rpm:\"kernel-rt-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace\", rpm:\"kernel-rt-trace~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-debuginfo\", rpm:\"kernel-rt-trace-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-devel\", rpm:\"kernel-rt-trace-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla\", rpm:\"kernel-rt-vanilla~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-debuginfo\", rpm:\"kernel-rt-vanilla-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-devel\", rpm:\"kernel-rt-vanilla-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-doc\", rpm:\"kernel-rt-doc~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:19", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0835", "CVE-2009-1337", "CVE-2009-0834"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063908", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063908", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0451.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0451 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63908\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1046\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0451\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0451.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug\", rpm:\"kernel-rt-debug~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-debuginfo\", rpm:\"kernel-rt-debug-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-devel\", rpm:\"kernel-rt-debug-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo\", rpm:\"kernel-rt-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo-common\", rpm:\"kernel-rt-debuginfo-common~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-devel\", rpm:\"kernel-rt-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace\", rpm:\"kernel-rt-trace~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-debuginfo\", rpm:\"kernel-rt-trace-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-devel\", rpm:\"kernel-rt-trace-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla\", rpm:\"kernel-rt-vanilla~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-debuginfo\", rpm:\"kernel-rt-vanilla-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-devel\", rpm:\"kernel-rt-vanilla-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-doc\", rpm:\"kernel-rt-doc~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:57", "description": "The remote host is missing an update to linux-source-2.6.15\nannounced via advisory USN-752-1.\n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. If\nyou use linux-restricted-modules, you have to update that package as\nwell to get modules which work with the new kernel version. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Ubuntu USN-752-1 (linux-source-2.6.15)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0859", "CVE-2009-0675", "CVE-2008-6107", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0835", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-0065", "CVE-2009-0834", "CVE-2009-0029"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63812", "href": "http://plugins.openvas.org/nasl.php?oid=63812", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_752_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_752_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-752-1 (linux-source-2.6.15)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n linux-image-2.6.15-54-386 2.6.15-54.76\n linux-image-2.6.15-54-686 2.6.15-54.76\n linux-image-2.6.15-54-amd64-generic 2.6.15-54.76\n linux-image-2.6.15-54-amd64-k8 2.6.15-54.76\n linux-image-2.6.15-54-amd64-server 2.6.15-54.76\n linux-image-2.6.15-54-amd64-xeon 2.6.15-54.76\n linux-image-2.6.15-54-hppa32 2.6.15-54.76\n linux-image-2.6.15-54-hppa32-smp 2.6.15-54.76\n linux-image-2.6.15-54-hppa64 2.6.15-54.76\n linux-image-2.6.15-54-hppa64-smp 2.6.15-54.76\n linux-image-2.6.15-54-itanium 2.6.15-54.76\n linux-image-2.6.15-54-itanium-smp 2.6.15-54.76\n linux-image-2.6.15-54-k7 2.6.15-54.76\n linux-image-2.6.15-54-mckinley 2.6.15-54.76\n linux-image-2.6.15-54-mckinley-smp 2.6.15-54.76\n linux-image-2.6.15-54-powerpc 2.6.15-54.76\n linux-image-2.6.15-54-powerpc-smp 2.6.15-54.76\n linux-image-2.6.15-54-powerpc64-smp 2.6.15-54.76\n linux-image-2.6.15-54-server 2.6.15-54.76\n linux-image-2.6.15-54-server-bigiron 2.6.15-54.76\n linux-image-2.6.15-54-sparc64 2.6.15-54.76\n linux-image-2.6.15-54-sparc64-smp 2.6.15-54.76\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-752-1\";\n\ntag_summary = \"The remote host is missing an update to linux-source-2.6.15\nannounced via advisory USN-752-1.\n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. If\nyou use linux-restricted-modules, you have to update that package as\nwell to get modules which work with the new kernel version. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\";\n\n \n\n\nif(description)\n{\n script_id(63812);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-752-1 (linux-source-2.6.15)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-752-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.15\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.15\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-generic\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-k8\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-server\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-xeon\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-generic\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-k8\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-xeon\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-generic\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-k8\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-xeon\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.8776+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7174+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-k8-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"avm-fritz-firmware-2.6.15-54\", ver:\"3.11+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-amd64-generic\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-amd64-k8\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-amd64-xeon\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.8776+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7174+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7174+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx\", ver:\"1.0.8776+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.0.0-8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.0.0-8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-386\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-686\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-k7\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-server-bigiron\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-server\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-386\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-686\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-k7\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-server-bigiron\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-386\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-686\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-k7\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-server-bigiron\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-686-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-k7-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-386\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-686\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-k7\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-powerpc-smp\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-powerpc64-smp\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-powerpc\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power3-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power3\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power4-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power4\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power3-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power3\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power4-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power4\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-powerpc-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-powerpc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-powerpc\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-powerpc-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-powerpc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-powerpc\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power3-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power3\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power4-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power4\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-powerpc-smp\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-powerpc\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-sparc64-smp\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-sparc64\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-sparc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-sparc64\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-sparc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-sparc64\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-sparc64-smp\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-sparc64\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:45", "description": "The remote host is missing an update to postgresql-8.3\nannounced via advisory USN-753-1.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Ubuntu USN-753-1 (postgresql-8.3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0859", "CVE-2009-0675", "CVE-2008-6107", "CVE-2008-4307", "CVE-2009-0922", "CVE-2009-0028", "CVE-2009-0835", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-0065", "CVE-2009-0834", "CVE-2009-0029"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63811", "href": "http://plugins.openvas.org/nasl.php?oid=63811", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_753_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_753_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-753-1 (postgresql-8.3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n postgresql-8.1 8.1.17-0ubuntu0.6.06.1\n\nUbuntu 8.04 LTS:\n postgresql-8.3 8.3.7-0ubuntu8.04.1\n\nUbuntu 8.10:\n postgresql-8.3 8.3.7-0ubuntu8.10.1\n\nThis update uses a new upstream release, which includes additional\nbug fixes. In general, a standard system upgrade is sufficient to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-753-1\";\n\ntag_insight = \"It was discovered that PostgreSQL did not properly handle encoding\nconversion failures. An attacker could exploit this by sending specially\ncrafted requests to PostgreSQL, leading to a denial of service.\";\ntag_summary = \"The remote host is missing an update to postgresql-8.3\nannounced via advisory USN-753-1.\";\n\n \n\n\nif(description)\n{\n script_id(63811);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-753-1 (postgresql-8.3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-753-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.1\", ver:\"8.1.17-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.7-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.7-0ubuntu8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.15\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.15\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-generic\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-k8\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-server\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-amd64-xeon\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-generic\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-k8\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-amd64-xeon\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-generic\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-k8\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-amd64-xeon\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.8776+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7174+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-k8-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-amd64-generic\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-amd64-k8\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-amd64-xeon\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"avm-fritz-firmware-2.6.15-54\", ver:\"3.11+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-amd64-generic\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-amd64-k8\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-amd64-xeon\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.8776+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7174+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7174+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nvidia-glx\", ver:\"1.0.8776+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.0.0-8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.0.0-8.25.18+2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-386\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-686\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-k7\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-server-bigiron\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-server\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-386\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-686\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-k7\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-server-bigiron\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-386\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-686\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-k7\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-server-bigiron\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-server\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-686-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-k7-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-386\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-686\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-k7\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-server-bigiron\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-server\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-386\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-686\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-k7\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-powerpc-smp\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-powerpc64-smp\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-powerpc\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power3-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power3\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power4-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-power4\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power3-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power3\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power4-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-power4\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-powerpc-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-powerpc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-powerpc\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-powerpc-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-powerpc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-powerpc\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power3-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power3\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power4-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-power4\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-powerpc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-powerpc-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-powerpc\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-powerpc-smp\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-powerpc\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-sparc64-smp\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-2.6.15-54-sparc64\", ver:\"2.6.15-54.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-backports-modules-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-sparc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-54-sparc64\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-sparc64-smp\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-54-sparc64\", ver:\"2.6.15-54.76\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-sparc64-smp\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-sparc64\", ver:\"2.6.15.55\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-sparc64-smp\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-restricted-modules-2.6.15-54-sparc64\", ver:\"2.6.15.12-54.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:04", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1794-1.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1794-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5395", "CVE-2009-0859", "CVE-2008-5713", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-0065", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63959", "href": "http://plugins.openvas.org/nasl.php?oid=63959", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1794_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1794-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation, or information\nleak. For details, please visit the referenced security advisories.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-24etch2.\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1794-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201794-1\";\n\n\nif(description)\n{\n script_id(63959);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5395\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2008-5713\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1192\", \"CVE-2009-1265\", \"CVE-2009-1336\", \"CVE-2009-1337\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1794-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.18\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.18-6\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-legacy\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-generic\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-smp\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-legacy\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-generic\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-alpha\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-alpha\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-alpha\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fai-kernels\", ver:\"1.17+etch.24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-rpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s3c2410\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-arm\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-ixp4xx\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-footbridge\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-iop32x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s3c2410\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-ixp4xx\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-footbridge\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-iop32x\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-rpc\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc-smp\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-hppa\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-i386\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-686-bigmem\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-486\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-k7\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-k7\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-686-bigmem\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-k7\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-k7\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-486\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.18-1um-2etch.24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-itanium\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-mckinley\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-ia64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-mckinley\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-itanium\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r5k-ip32\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r5k-ip32\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r4k-ip22\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r4k-ip22\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-qemu\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-qemu\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-mips\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-mipsel\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r5k-cobalt\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r3k-kn02\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r3k-kn02\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r5k-cobalt\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r4k-kn04\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r4k-kn04\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-prep\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-prep\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc-miboot\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc-miboot\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390-tape\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-s390x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-s390x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-s390\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s390\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s390x\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-sparc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc32\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc32\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:08", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1794-1.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1794-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2008-5395", "CVE-2009-0859", "CVE-2008-5713", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-0065", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063959", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063959", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1794_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1794-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation, or information\nleak. For details, please visit the referenced security advisories.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-24etch2.\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1794-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201794-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63959\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5395\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2008-5713\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1192\", \"CVE-2009-1265\", \"CVE-2009-1336\", \"CVE-2009-1337\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1794-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.18\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.18\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.18-6\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-legacy\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-generic\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-alpha-smp\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-legacy\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-alpha-generic\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-alpha\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-alpha\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-alpha\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-amd64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"fai-kernels\", ver:\"1.17+etch.24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-rpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s3c2410\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-arm\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-ixp4xx\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-footbridge\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-iop32x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s3c2410\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-ixp4xx\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-footbridge\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-iop32x\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-rpc\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc-smp\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-hppa\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-parisc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-parisc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-i386\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-686-bigmem\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-486\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-k7\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-k7\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-686-bigmem\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-k7\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-k7\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-486\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.18-1um-2etch.24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-6-xen-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-xen-vserver-686\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-itanium\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-mckinley\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-ia64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-mckinley\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-itanium\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r5k-ip32\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r5k-ip32\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r4k-ip22\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r4k-ip22\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-qemu\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-qemu\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-mips\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-mipsel\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r5k-cobalt\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r3k-kn02\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r3k-kn02\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r5k-cobalt\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-r4k-kn04\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-r4k-kn04\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-prep\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-prep\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc-miboot\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-powerpc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-powerpc-miboot\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-powerpc-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390-tape\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-s390x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-s390x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-s390x\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-s390\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s390\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-s390x\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-all-sparc\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-vserver-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc32\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-6-sparc32\", ver:\"2.6.18.dfsg.1-24etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-vserver-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc64\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-6-sparc64-smp\", ver:\"2.6.18.dfsg.1-24etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:08", "description": "The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1787-1 (linux-2.6.24)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63939", "href": "http://plugins.openvas.org/nasl.php?oid=63939", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1787_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1787-1 (linux-2.6.24)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. For details,\nplease visit the referenced security advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201787-1\";\n\n\nif(description)\n{\n script_id(63939);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5079\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1787-1 (linux-2.6.24)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.24-etchnhalf.1\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-common\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:21", "description": "The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1787-1 (linux-2.6.24)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063939", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063939", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1787_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1787-1 (linux-2.6.24)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. For details,\nplease visit the referenced security advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201787-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63939\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5079\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1787-1 (linux-2.6.24)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.24-etchnhalf.1\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-common\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:22", "description": "[2.6.9-78.0.22.0.1.EL]\n- [xen] fix for hung JVM thread after #GPF [orabug 7916406] (Chuck Anderson)\n- fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) \n [orabug 5931647]\n- fix skb alignment that was causing sendto() to fail with EFAULT (Olaf Kirch) \n [orabug 6845794]\n- fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128]\n- fix per_cpu() api bug_on with rds (Zach Brown) [orabug 5760648]\n- backout patch sysrq-b that queues upto keventd thread (Guru Anbalagane) \n [orabug 6125546]\n- netrx/netpoll race avoidance (Tina Yang) [orabug 6143381]\n- fix guest spinning in xen (Herbert van den Bergh) [orabug 7004010]\n- fix serial port lock recursion (Herbert van den Bergh) [orabug 6761872]\n- [XEN] Fix elf_core_dump (Tina Yang) [orabug 6995928]\n- fix in nfs_attribute_timeout() (Trond Myklebust) [orabug 7378108]\n- use lfence instead of cpuid instruction to implement memory barriers\n (Herbert van den Bergh) [orabug 7452412]\n- add netpoll support to xen netfront (Tina Yang) [orabz 7261]\n- [xen] execshield: fix endless GPF fault loop (Stephen Tweedie) [orabug 7175395]\n- port Red Hat bug 472572: HVM crash in net/core/dev.c during boot [orabug 7653948]\n The following Red Hat patches were ported from the source RPM at:\n http://people.redhat.com/vgoyal/rhel4/SRPMS.kernel/kernel-2.6.9-78.22.EL.src.rpm\n linux-2.6.9-xen-fix-netfront-mem-leak.patch\n linux-2.6.9-xen-xen-vnif-stops-working-on-reception-of-duplicat.patch\n- fix kernel null dereference in ap_suspend() during migration [orabug 7635625]\n Ported from the el5u2 xenpv-0.1-9.0.1.el5 patch\n ovs-bugz7262-fix-migration-hang-due-to-write-lock-starvation.patch.\n In el5u2, the fix is to the xenpv driver. For el4u7, the xenpv driver\n was moved into the kernel.\n- port el4u6 xenpv patch (orabug 7442030) for live migration hang \n [orabug 7458244]\n- [xen]: port el5u2 patch that allows 64-bit PVHVM guest to boot with 32-bit \n dom0 [orabug 7452107]\n- [mm] update shrink_zone patch to allow 100% swap utilization (John Sobecki, \n Chris Mason, Chuck Anderson, Dave McCracken) [orabug 7566319,6086839] \n- [nfs] update fix for attribute caching when using actimeo=0 (Chuck Lever, \n John Sobecki) [ORABUG 7131141,7156607,7388056] [RHBZ 446083,476726]\n- [kernel] backport report_lost_ticks patch from EL5.2 (John Sobecki) \n [orabug 6110605]\n- port EL5U3 patch to adjust totalhigh_pages in the balloon driver [orabug 8300888]\n- check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug7556514]\n- [XEN] use hypercall to fixmap pte updates (Mukesh Rathor) [orabug 8433329]\n- [XEN] Extend physical mask to 40bit for machine above 64G [orabug 8312526]\n- fix oops in show_partition using RCU (Wen gang Wang) [orabug 8423936]\n[2.6.9-78.0.22]\n-nmi watchdog: fix LAPIC mode detection on cpus with supported performance counters (John Villalovos) [497330 491338]\n[2.6.9-78.0.21] \n-igb: prevent deadlock while executing netdump (Andy Gospodarek) [480579 435886]\n[2.6.9-78.0.20]\n-mce: do not clear status registers in fatal conditions (Aristeu Rozanski) [494915 489695]\n[2.6.9-78.0.19]\n-xen: guest will crash if rtl8139 nic is only one specified (Don Dutile) [477146 472572]\n-fix CLONE_PARENT and parent_exec_id interaction (Don Howard) [479961 479962] {CVE-2009-0028}\n-x86_64: syscall_audit: fix 32/64 syscall hole (Jerome Marchand) [487999 488000] {CVE-2009-0834}\n-x86_64: backport is_compat_task (Jerome Marchand) [487999 488000] {CVE-2009-0834}\n-megaraid: fix a bug in reset handler (Tomas Henzl) [493420 481662]\n-ext3: ext3_symlink should use gfp_nofs allocations inside (Flavio Leitner) [493422 489768]\n[2.6.9-78.0.18]\n-igb: prevent deadlock while executing netdump (Andy Gospodarek) [480579 435886]\n-nfs: fix pages of a memory mapped nfs file get corrupted (Peter Staubach) [490119 432974]\n-aio: fix race in aio_complete that leads to a process hang (Jeff Moyer) [489935 456686]\n-mptfusion: remove check for type disk (Tomas Henzl) [487399 465514]\n-kernel: fix kernel memory disclosure in getsockopt() with option SO_BSDCOMPAT (Don Howard) [486515 486516] {CVE-2009-0676}\n-ia64: fix deadlock in ia64 sys_ptrace (Jerome Marchand) [484904 442816]\n-nfs: remove bogus lock if signalled case (Bryn M. Reeves) [456284 456285] {CVE-2008-4307}\n-nmi watchdog: generate load on all cpus while testing if the watchdog works (Aristeu Rozanski) [479184 488018]\n-nmi watchdog: move check_nmi_watchdog to later in boot time (Aristeu Rozanski) [479184 458859] ", "cvss3": {}, "published": "2009-05-01T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2009-05-01T00:00:00", "id": "ELSA-2009-0459", "href": "http://linux.oracle.com/errata/ELSA-2009-0459.html", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:46", "description": "[2.6.18-128.1.10.0.1.el5]\n- [NET] Add entropy support to e1000 and bnx2 (John Sobecki,Guru Anbalagane) [orabug 6045759]\n- [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258]\n- [nfs] convert ENETUNREACH to ENOTCONN (Guru Anbalagane) [orabug 7689332]\n- [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514]\n- [MM] balloon code needs to adjust totalhigh_pages (Chuck Anderson) [orabug 8300888]\n[2.6.18-128.1.10.el5]\n- [fs] fix softlockup in posix_locks_deadlock (Josef Bacik ) [496842 476659]\n[2.6.18-128.1.9.el5]\n- [net] ipv4: remove uneeded bh_lock/unlock from udp_rcv (Neil Horman ) [496044 484590]\n[2.6.18-128.1.8.el5]\n- [misc] exit_notify: kill the wrong capable check [494270 494271] {CVE-2009-1337}\n- [misc] fork: CLONE_PARENT && parent_exec_id interaction (Don Howard ) [479963 479964] {CVE-2009-0028}\n- [scsi] qla2xxx: reduce DID_BUS_BUSY failover errors (Marcus Barrow ) [495635 244967]\n- [nfs] v4: client crash on file lookup with long names (Sachin S. Prabhu ) [494078 493942] {CVE-2009-1336}\n- [net] ixgbe: stop double counting frames and bytes (Andy Gospodarek ) [489459 487213]\n- [xen] x86: update the earlier APERF/MPERF patch (Chris Lalancette ) [495929 493557]\n- [xen] x86: fix dom0 panic when using dom0_max_vcpus (Chris Lalancette ) [495931 485119]\n- [net] fix oops when using openswan (Neil Horman ) [496044 484590]\n[2.6.18-128.1.7.el5]\n- [nfs] remove bogus lock-if-signalled case (Bryn M. Reeves ) [456287 456288] {CVE-2008-4307}\n- [x86] NONSTOP_TSC in tsc clocksource (Luming Yu ) [493356 474091]\n- [ppc] keyboard not recognized on bare metal (Justin Payne ) [494293 455232]\n- [fs] ecryptfs: fix memory leak into crypto headers (Eric Sandeen ) [491255 491256] {CVE-2009-0787}\n- [xen] x86: silence WRMSR warnings (Chris Lalancette ) [488928 470035]\n- [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko ) [488001 488002] {CVE-2009-0834}\n- [dlm] fix length calculation in compat code (David Teigland ) [491677 487672]\n- [nfs] fix hung clients from deadlock in flush_workqueue (David Jeffery ) [488929 483627]\n- [ia64] use current_kernel_time/xtime in hrtimer_start() (Prarit Bhargava ) [490434 485323]\n- [net] bonding: fix arp_validate=3 slaves behaviour (Jiri Pirko ) [488064 484304]\n- [net] enic: return notify intr credits (Andy Gospodarek ) [472474 484824]\n- [input] wacom: 12x12 problem while using lens cursor (Aristeu Rozanski ) [489460 484959]\n- [net] ehea: improve behaviour in low mem conditions (AMEET M. PARANJAPE ) [487035 483148]", "cvss3": {}, "published": "2009-05-07T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-0787", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1336"], "modified": "2009-05-07T00:00:00", "id": "ELSA-2009-0473", "href": "http://linux.oracle.com/errata/ELSA-2009-0473.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:05", "description": "[2.6.9-89]\n-fix regression in cxgb3 driver spin_lock usage (Andy Gospodarek) [495557]\n-cxgb3: fixup possible workqueue deadlocks (Andy Gospodarek) [495558]\n-e1000: network driver doesn t reset nic during shutdown and prevents pxe reloads (George Beshers) [465620]\n-cxgb3: fix msix bringup so we dont leak vectors on failed init (Doug Ledford) [495556]\n-e1000e: support for 82583 and new 82574LA (Andy Gospodarek) [452287]\n-igb: support for dual port 82576 (Andy Gospodarek) [452289]\n-dm crypt: memory corruption when invalid mapping parameters provided (Milan Broz) [495673]\n-Revert 'fix race condition in input.c' (Vivek Goyal) [491940]\n-Revert 'more fixes for fix race condition in input.c' (Vivek Goyal) [491940]\n[2.6.9-88]\n-cpu p-state limits (via acpi_ppc) ignored by os (Stanislaw Gruszka) [490531]\n-add some missing bits to the chelsio cxgb3 driver (Doug Ledford) [454557]\n-net: ipv6: mcast: fix joining all node multicast group on device initialization (Jiri Pirko) [494463]\n-exit_notify: kill the wrong capable check (Oleg Nesterov) [494269]\n-e1000e: reset chip when taking down interface (Andy Gospodarek) [452287]\n-kernel: random32: seeding improvement (Vitaly Mayatskikh) [458022]\n-nfsv4: client crashes when doing a lookup on files with long names (Sachin S. Prabhu) [493939]\n[2.6.9-87]\n-fix CLONE_PARENT and parent_exec_id interaction (Don Howard) [479962] {CVE-2009-0028}\n-qla2xxx: remove sysfs entry for nvram (Marcus Barrow) [476704]\n-mce: do not clear status registers in fatal conditions (Aristeu Rozanski) [489695]\n-nehalem ex support (John Villalovos) [491338]\n-cciss: export device model and vendor info through sysfs (Tomas Henzl) [490187]\n-cciss: kernel thread to detect config changes on the MSA2012 (Tomas Henzl) [490187]\n-cciss: cleanup redundant code (Tomas Henzl) [490187]\n-cciss: changes in config functions (Tomas Henzl) [490187]\n-x86_64: syscall_audit: fix 32/64 syscall hole (Jerome Marchand) [488000] {CVE-2009-0834}\n-x86_64: backport is_compat_task (Jerome Marchand) [488000] {CVE-2009-0834}\n[2.6.9-86]\n-qla2xxx: reduce BUS_BUSY error returns (Marcus Barrow) [490744]\n-scsi: modify scsi layer to retry DID_ERROR (Marcus Barrow) [490744]\n-tg3: add in driver phy support for 5785 (Andy Gospodarek) [452925]\n-e1000: fix false link detection (Michal Schmidt) [489960]\n-qla2xxx: fix flash program: fix read/write version update issues (Marcus Barrow) [491784]\n-qla2xxx: fix loop resets and HBA traversal (Marcus Barrow) [491784]\n-qla2xxx: 8 gb/s firmware update for blade servers 4.06.01 => 4.04.09 (Marcus Barrow) [492156]\n-qla2xxx: 4 gb/s firmware update for blade servers 4.06.01 => 4.04.09 (Marcus Barrow) [492156]\n-bnx2x: initialization and ia64 fixes (Andy Gospodarek) [453305]\n-hfs: fix hfs mount memory leak (Dave Anderson) [479607]\n-fix warn in __writeback_single_inode (Josef Bacik) [458955]\n-ide: increase the timeout in wait_drive_not_busy (Prarit Bhargava) [456078]\n-more fixes for fix race condition in input.c (James Paradis) [491940]\n[2.6.9-85]\n-md: pass down bio_rw_sync in raid 1,10 (Dave Maley) [467829]\n-fix the tsc clocksource when using the tick divider (Chris Lalancette) [491154]\n-bonding: give full arp monitoring cycle to slaves (Jiri Pirko) [489362]\n-megaraid: fix a bug in reset handler (Tomas Henzl) [481662]\n-dm: check that the log bitmap will fit within the log device (Milan Broz) [490021]\n[2.6.9-84]\n-cciss: disable dma refetch on p600 (Tomas Henzl) [454643]\n-cciss: remove unused variable (Tomas Henzl) [454643]\n-cciss: read config table to determine max_commands (Tomas Henzl) [454643]\n-cciss: Updated cciss driver to 2.6.20.RH2, update controller names and version (Tomas Henzl) [454643]\n-ext3: ext3_symlink should use gfp_nofs allocations inside (Flavio Leitner) [489768]\n-net: fix dst_entry leak (Neil Horman) [489300]\n-nmi watchdog: generate load on all cpus while testing if the watchdog works (Aristeu Rozanski) [488018]\n-qla4xxx: properly support async pdu messages (Marcus Barrow) [485092]\n[2.6.9-83]\n-arp: add uresolved_discards counter (Neil Horman) [453173]\n-xen: fix crash when modprobe xen-vnif in a kvm guest (Chris Lalancette) [485421]\n-Re-apply: fix kernel crash in sunrpc::cache_clean (Peter Staubach) [278291]\n-r8169: don t update statistics counters when interface is down (Ivan Vecera) [440467]\n-fix panic when loading pciehp module (Prarit Bhargava) [487385]\n-hid: fix return code in hid_probe (Aristeu Rozanski) [453171]\n-ixgbe: make sure devices can netdump (Andy Gospodarek) [484376]\n-igb: make sure devices can netdump (Andy Gospodarek) [484376]\n-igb: prevent deadlock while executing netdump (Andy Gospodarek) [435886]\n-bnx2: fix driver update that broke netdump (Andy Gospodarek) [484667]\n-bug fix for hdmi audio (Bhavana Nagendra) [459222]\n-usb: workaround for usb hang in sb600/sb700 (Pete Zaitcev) [472789]\n-netpoll: fix up device quota in netpoll prior to calling driver poll method (Neil Horman) [481207]\n-fix leap second hang (Prarit Bhargava) [479764]\n[2.6.9-82]\n-kernel: fix kernel memory disclosure in getsockopt() with option SO_BSDCOMPAT (Don Howard) [486516] {CVE-2009-0676}\n-e1000: move around config for es2lan (Andy Gospodarek) [473258]\n-dm: fix more random snapshot crashes and corruption (Mikulas Patocka) [484319]\n-dm: random snapshot crashes and corruption (Mikulas Patocka) [484319]\n-mptfusion: remove check for type disk (Tomas Henzl) [465514]\n-scsi: remove wrong lock from scsi layer (Tomas Henzl) [483191]\n-ipv6: fix link local connect hang (Neil Horman) [483619]\n-improve udp port randomization (Vitaly Mayatskikh) [480137]\n-e1000: test for unusable msi (Andy Gospodarek) [482822]\n-md: crash with partially succeeded request (Mikulas Patocka) [472796]\n-nfs: remove bogus lock if signalled case (Bryn M. Reeves) [456285] {CVE-2008-4307}\n-amd k6 doesnt support mce (Prarit Bhargava) [479910]\n-Revert 'sunrpc: fix kernel crash in sunrpc cache_clean' (Vivek Goyal) [479728 278291]\n[2.6.9-81]\n-virtio_net: let virtio_net change the mtu (Chris Lalancette) [483535]\n-fix a buffer overflow vulnerability with del_rbu driver (Don Howard) [482940] {CVE-2009-0322}\n-net: backport of dscp functionality (Thomas Graf) [484398]\n-netxen critical fixes (Tony Camuso) [458863]\n-check futex timespec validity (Jerome Marchand) [472557]\n-cifs: replace missing else in cifs_open_inode_helper (Jeff Layton) [484261]\n-libata: ahci: Withdraw IGN_SERR_INTERNAL for SB800 SATA (David Milburn) [480395]\n-sd: Fix handling of NO_SENSE check condition (Rob Evers) [480666]\n-security: introduce missing kfree (Jiri Pirko) [480596] {CVE-2009-0031}\n-libata: fix removing adding hdd thru proc (David Milburn) [329201]\n-md: fix snapshot data corruption (Mikulas Patocka) [175830]\n[2.6.9-80]\n-evdev: use kref in order to call evdev_free only after all closes and disconnect (Mauro Carvalho Chehab) [460457]\n-evdev: avoid a race condition between open and disconnect (Mauro Carvalho Chehab) [460457]\n-evdev: simplify close disconnect code (Mauro Carvalho Chehab) [460457]\n-evdev: converts open close mutex into static (Mauro Carvalho Chehab) [460457]\n-evdev: adds memory barriers protect evdev (Mauro Carvalho Chehab) [460457]\n-mptfusion: limit dma addresses to 32bit for devices with 106E B1 chip (Tomas Henzl) [480158]\n-e1000: add parameter to set transmit descriptor size (Andy Gospodarek) [334411]\n-e1000e: add reboot notifier so wol will work (Andy Gospodarek) [432364]\n-net: fix ip tunnel can not be bound to another device (Michal Schmidt) [437410]\n-Revert 'qla2xxx: more fix flash for isp25xx and scheduling' (Vivek Goyal) [476704]\n-Revert 'identify pm timer calibration issues during boot' (Vivek Goyal) [456935]\n[2.6.9-79]\n-add new AMD HDMI audio device pci id (Joachim Deguara) [459222]\n-ofed: remove lro bits from ofed 1.4 update (Doug Ledford) [454557 478687]\n-config: ofed 1.4: disable MLX4 ethernet on iSeries (Doug Ledford) [454557 478687]\n-config: ofed 1.4: only build ipath on x86_64 (Doug Ledford) [454557 478687]\n-config: disable ehca driver to ensure ofed 1.4 builds on ppc64 (Doug Ledford) [454557 478687]\n-fix deadlock between mmap munmap and jbd (Josef Bacik) [439548]\n-enable entropy generation from e1000 and bnx2 network cards (Ivan Vecera) [439920]\n-netpoll: disable bottom halvees during napi poll (Neil Horman) [477945]\n-ofed 1.4 update (Doug Ledford) [454557 478687]\n-config: config file changes for ofed 1.4 update (Doug Ledford) [454557 478687]\n-[s390] zfcp: provide support for npiv (Hans-Joachim Picht) [249775]", "cvss3": {}, "published": "2009-05-26T00:00:00", "type": "oraclelinux", "title": "Oracle Enterprise Linux 4.8 kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-0031", "CVE-2009-1336"], "modified": "2009-05-26T00:00:00", "id": "ELSA-2009-1024", "href": "http://linux.oracle.com/errata/ELSA-2009-1024.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:45:33", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the \"syscall\" number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to user-space\nwhen the getsockopt() function is called with SO_BSDCOMPAT optname set.\nThis flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\nBug fixes:\n\n* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests\nif their guest configuration file specified \"vif = [ \"type=ioemu\" ]\". This\ncrash only occurred when starting guests via the \"xm create\" command.\n(BZ#477146)\n\n* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux\n4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during\ninstallation and \"NMI received for unknown reason [xx]\" errors may have\noccurred. (BZ#479184)\n\n* a kernel deadlock on some systems when using netdump through a network\ninterface that uses the igb driver. (BZ#480579)\n\n* a possible kernel hang in sys_ptrace() on the Itanium\u00ae architecture,\npossibly triggered by tracing a threaded process with strace. (BZ#484904)\n\n* the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic\nLSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent\nto tape devices may have received incorrect data. This issue may have led\nto data corruption. This update includes a fix for all types of devices.\n(BZ#487399)\n\n* a missing memory barrier caused a race condition in the AIO subsystem\nbetween the read_events() and aio_complete() functions. This may have\ncaused a thread in read_events() to sleep indefinitely, possibly causing an\napplication hang. (BZ#489935)\n\n* due to a lack of synchronization in the NFS client code, modifications\nto some pages (for files on an NFS mounted file system) made through a\nregion of memory mapped by mmap() may be lost if the NFS client invalidates\nits page cache for particular files. (BZ#490119)\n\n* a NULL pointer dereference in the megaraid_mbox driver caused a system\ncrash on some systems. (BZ#493420)\n\n* the ext3_symlink() function in the ext3 file system code used an\nillegal __GFP_FS allocation inside some transactions. This may have\nresulted in a kernel panic and \"Assertion failure\" errors. (BZ#493422)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause of\ncertain panics and errors. (BZ#494915)\n\n* a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5\nsystems. (BZ#497330)\n\nThis update contains backported patches to fix these issues. The system\nmust be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-04-30T00:00:00", "type": "redhat", "title": "(RHSA-2009:0459) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0834"], "modified": "2017-09-08T07:48:42", "id": "RHSA-2009:0459", "href": "https://access.redhat.com/errata/RHSA-2009:0459", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:42:07", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the \"syscall\" number or arguments.\n(CVE-2009-0834, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* a flaw was found in the ecryptfs_write_metadata_to_contents() function of\nthe Linux kernel eCryptfs implementation. On systems with a 4096 byte\npage-size, this flaw may have caused 4096 bytes of uninitialized kernel\nmemory to be written into the eCryptfs file headers, leading to an\ninformation leak. Note: Encrypted files created on systems running the\nvulnerable version of eCryptfs may contain leaked data in the eCryptfs file\nheaders. This update does not remove any leaked data. Refer to the\nKnowledgebase article in the References section for further information.\n(CVE-2009-0787, Moderate)\n\n* the Linux kernel implementation of the Network File System (NFS) did not\nproperly initialize the file name limit in the nfs_server data structure.\nThis flaw could possibly lead to a denial of service on a client mounting\nan NFS share. (CVE-2009-1336, Moderate)\n\nThis update also fixes the following bugs:\n\n* the enic driver (Cisco 10G Ethernet) did not operate under\nvirtualization. (BZ#472474)\n\n* network interfaces using the IBM eHEA Ethernet device driver could not be\nsuccessfully configured under low-memory conditions. (BZ#487035)\n\n* bonding with the \"arp_validate=3\" option may have prevented fail overs.\n(BZ#488064)\n\n* when running under virtualization, the acpi-cpufreq module wrote \"Domain\nattempted WRMSR\" errors to the dmesg log. (BZ#488928)\n\n* NFS clients may have experienced deadlocks during unmount. (BZ#488929)\n\n* the ixgbe driver double counted the number of received bytes and packets.\n(BZ#489459)\n\n* the Wacom Intuos3 Lens Cursor device did not work correctly with the\nWacom Intuos3 12x12 tablet. (BZ#489460)\n\n* on the Itanium(r) architecture, nanosleep() caused commands which used it,\nsuch as sleep and usleep, to sleep for one second more than expected.\n(BZ#490434)\n\n* a panic and corruption of slab cache data structures occurred on 64-bit\nPowerPC systems when clvmd was running. (BZ#491677)\n\n* the NONSTOP_TSC feature did not perform correctly on the Intel(r)\nmicroarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)\n\n* keyboards may not have functioned on IBM eServer System p machines after\na certain point during installation or afterward. (BZ#494293)\n\n* using Device Mapper Multipathing with the qla2xxx driver resulted in\nfrequent path failures. (BZ#495635)\n\n* if the hypervisor was booted with the dom0_max_vcpus parameter set to\nless than the actual number of CPUs in the system, and the cpuspeed service\nwas started, the hypervisor could crash. (BZ#495931)\n\n* using Openswan to provide an IPsec virtual private network eventually\nresulted in a CPU soft lockup and a system crash. (BZ#496044)\n\n* it was possible for posix_locks_deadlock() to enter an infinite loop\n(under the BKL), causing a system hang. (BZ#496842)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "cvss3": {}, "published": "2009-05-07T00:00:00", "type": "redhat", "title": "(RHSA-2009:0473) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1336", "CVE-2009-1337"], "modified": "2017-09-08T08:17:07", "id": "RHSA-2009:0473", "href": "https://access.redhat.com/errata/RHSA-2009:0473", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-10-19T20:37:30", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the \"syscall\" number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the \"syscall\" number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-04-29T00:00:00", "type": "redhat", "title": "(RHSA-2009:0451) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-1046", "CVE-2009-1337"], "modified": "2019-03-22T19:44:23", "id": "RHSA-2009:0451", "href": "https://access.redhat.com/errata/RHSA-2009:0451", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T13:42:13", "description": "## Releases\n\n * Ubuntu 6.06 \n\n## Packages\n\n * linux-source-2.6.15 \\- \n\nNFS did not correctly handle races between fcntl and interrupts. A local \nattacker on an NFS mount could consume unlimited kernel memory, leading to \na denial of service. (CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker could \ncause a system panic, leading to a denial of service. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent \nprocesses, crossing privilege boundaries. A local attacker could send \narbitrary signals to parent processes, leading to a denial of service. \n(CVE-2009-0028)\n\nThe 64-bit syscall interfaces did not correctly handle sign extension. A \nlocal attacker could make malicious syscalls, possibly gaining root \nprivileges. The x86_64 architecture was not affected. (CVE-2009-0029)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote \nattacker could send specially crafted SCTP traffic causing a system crash, \nleading to a denial of service. (CVE-2009-0065)\n\nThe Dell platform device did not correctly validate user parameters. A \nlocal attacker could perform specially crafted reads to crash the system, \nleading to a denial of service. (CVE-2009-0322)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check \ncapabilities. A local user could reset statistics, potentially interfering \nwith packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local \nattacker could read leaked kernel memory, leading to a loss of privacy. \n(CVE-2009-0676)\n\nThe syscall interface did not correctly validate parameters when crossing \nthe 64-bit/32-bit boundary. A local attacker could bypass certain syscall \nrestricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls \nwhen CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since \nCONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n", "cvss3": {}, "published": "2009-04-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0065", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859"], "modified": "2009-04-07T00:00:00", "id": "USN-752-1", "href": "https://ubuntu.com/security/notices/USN-752-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:42:14", "description": "## Releases\n\n * Ubuntu 8.10 \n * Ubuntu 8.04 \n * Ubuntu 7.10 \n\n## Packages\n\n * linux \\- \n * linux-source-2.6.22 \\- \n\nNFS did not correctly handle races between fcntl and interrupts. A local \nattacker on an NFS mount could consume unlimited kernel memory, leading to \na denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker \ncould cause a system panic, leading to a denial of service. Ubuntu 8.10 \nwas not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent \nprocesses, crossing privilege boundaries. A local attacker could send \narbitrary signals to parent processes, leading to a denial of service. \n(CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker could \nconsume unlimited kernel memory, leading to a denial of service. \n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote \nattacker could send specially crafted SCTP traffic causing a system crash, \nleading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return codes. \nA local attacker with write-access to an eCryptfs filesystem could cause a \nsystem crash, leading to a denial of service. (CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A \nlocal attacker could perform specially crafted reads to crash the system, \nleading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker could \nexploit this to crash the system or gain root privileges with a Kprobe \nregistered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check \ncapabilities. A local user could reset statistics, potentially interfering \nwith packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local \nattacker could read leaked kernel memory, leading to a loss of privacy. \n(CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when \nresizing. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local \nattacker could mount a malicious ext4 filesystem, causing a system \ncrash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, \nCVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when crossing \nthe 64-bit/32-bit boundary. A local attacker could bypass certain syscall \nrestricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls \nwhen CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since \nCONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences. A \nlocal attacker on the physical console could exploit this to cause a system \ncrash, leading to a denial of service. (CVE-2009-1046)\n", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0605", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046"], "modified": "2009-04-06T00:00:00", "id": "USN-751-1", "href": "https://ubuntu.com/security/notices/USN-751-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T01:11:38", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1794-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nMay 6, 2009 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : denial of service/privilege escalation/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702\n CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031\n CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676\n CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265\n CVE-2009-1336 CVE-2009-1337 CVE-2009-1439\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation, or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-4307\n\n Bryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do_setlk function.\n\nCVE-2008-5395\n\n Helge Deller discovered a denial of service condition that allows\n local users on PA-RISC to crash the system by attempting to unwind\n a stack containing userspace addresses.\n\nCVE-2008-5701\n\n Vlad Malov reported an issue on 64-bit MIPS where a local user\n could cause a system crash by crafting a malicious binary which\n makes o32 syscalls with a number less than 4000.\n\nCVE-2008-5702\n\n Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\n call.\n\nCVE-2008-5713\n\n Flavio Leitner discovered that a local user can cause a denial of\n service by generating large amounts of traffic on a large SMP\n system, resulting in soft lockups.\n\nCVE-2009-0028\n\n Chris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n\nCVE-2009-0029\n\n Christian Borntraeger discovered an issue effecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.\n\nCVE-2009-0031\n\n Vegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all available kernel memory.\n\nCVE-2009-0065\n\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.\n \nCVE-2009-0322\n\n Pavel Roskin provided a fix for an issue in the dell_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 byts from a sysfs entry.\n\nCVE-2009-0675\n\n Roel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.\n\nCVE-2009-0676\n\n Clement LECIGNE discovered a bug in the sock_getsockopt function\n that may result in leaking sensitive kernel memory.\n\nCVE-2009-0834\n\n Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n\nCVE-2009-0859\n\n Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n\nCVE-2009-1192\n\n Shaohua Li reported an issue in the AGP subsystem they may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n\nCVE-2009-1265\n\n Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n\nCVE-2009-1336\n\n Trond Myklebust reported an issue in the encode_lookup() function\n in the nfs server subsystem that allows local users to cause a\n denial of service (oops in encode_lookup()) by use of a long\n filename.\n \nCVE-2009-1337\n\n Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.\n\nCVE-2009-1439\n\n Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-24etch2.\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or "leap-frog" fashion.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatability with or to take advantage of this update:\n\n Debian 4.0 (etch)\n fai-kernels 1.17+etch.24etch2\n user-mode-linux 2.6.18-1um-2etch.24etch2\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch2.dsc\n Size/MD5 checksum: 5672 29972a87539a76fb5b146470f7b45c39\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch1.diff.gz\n Size/MD5 checksum: 5536652 bf239ac0f2487929933aa0629de64ad7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch1.dsc\n Size/MD5 checksum: 5672 b92a0d9b93d8ccf430734e0e3cc2fe87\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch2.diff.gz\n Size/MD5 checksum: 5536709 4503d0ff5de1d53b5a672289ed5848f2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz\n Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2.dsc\n Size/MD5 checksum: 740 b37bc8f75334963c7f0410c2296e77fb\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.dsc\n Size/MD5 checksum: 892 68d98e1c77c46035a49ff30831b6dde9\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2.tar.gz\n Size/MD5 checksum: 59036 682c3c14e9ef4e7696db50899a02f0b5\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz\n Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.diff.gz\n Size/MD5 checksum: 20663 9fe6e2b6513767676fb005a00cbb71f6\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch2_all.deb\n Size/MD5 checksum: 3592500 554e5252f25700683aaa6fd5761ef5d8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch2_all.deb\n Size/MD5 checksum: 58160 ae531496950d99a5b992570a1310c52e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch1_all.deb\n Size/MD5 checksum: 1085412 7e893ac7ae22985cb909b597c2f20e8c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch2_all.deb\n Size/MD5 checksum: 1820912 20119b39b0924aa9f3083450c7be8a85\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch2_all.deb\n Size/MD5 checksum: 41471594 a7fdc8dfc809e1fc276a7b51795fa8dc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch1_all.deb\n Size/MD5 checksum: 3741774 84b89ad27a37d505a01d762b0747ff2c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch1_all.deb\n Size/MD5 checksum: 1820466 586a8e99417e2612b5f3d7369e2f94a9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch2_all.deb\n Size/MD5 checksum: 1085068 84281a805dae405a8468175d098b7601\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch2_all.deb\n Size/MD5 checksum: 3742014 7094d10edb64a9abec2edef65928839e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch1_all.deb\n Size/MD5 checksum: 41473576 38c60799be708c352ad9255add42ce3b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch1_all.deb\n Size/MD5 checksum: 58106 17a134e707c201d4a77f1e24a5e2769e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch1_all.deb\n Size/MD5 checksum: 3593118 8b74f3ec8d207f6c73572ab96c8c7395\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 23473934 cbe30f310450bd925914daca5813749a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 23492924 56433c869026af90edf2e676577f8897\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 57504 d0f363f4a0afac56901ba09147a7d9c9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 270400 4946950b6f7a49f71ad402df8b56f727\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 23751458 f515ef33090fbd04e9091fd404698bff\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 270962 81e7337f510dfa7a573311942a2cb0c4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 270810 9dde43cd10c0c76ce7f95ac1b3c48ee8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 266996 ebdea056276a98aa168ec3f2a8d6fead\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 23546372 d36aae75dfd73bb920e972ed35c51130\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 2977390 cb91566e47051b087818025c09433686\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 266628 2af9e07d8fde05394c77490a56cace39\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 23373164 6da0b86b5624545c57003ad4971a8600\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 23849404 adc61b296e0148d80a36fd5c0cdc398e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 3000958 6495ed75388c161aeea3fe3f234649c2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 266740 ece7d15d812a818fb941bf066c4cf107\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 266510 c8fb5396900faa5fe29617e65b5d1340\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 57590 ce8fde6a4c56b444ffc4169e2c91d8c8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 3057218 4079ceaeec683727d42aa4f0ff039467\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 57556 cfc864cc678ae266f537a5dbf913444d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 23392094 bd229c2a4a5139282f8d56dc5d68db3d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 23442694 2cbff8237013489493619b0bd7b5cb76\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch1_alpha.deb\n Size/MD5 checksum: 57538 eedeb00fdcab4f08f7bd0817972d4a39\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 3032298 5d8d424009fbb14d6a3d7747bc8f2db3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch2_alpha.deb\n Size/MD5 checksum: 271360 1192112c8bad4d8249307d8a04719e0d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 16913766 b9bdf3f150eb989e56defbe20a3a54d8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 3425782 0f9a61fbd2ddeacddc1a284022d20137\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 278846 c157673d8bb21376bc6efaf921a37c3d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 3401184 f7f5fc7c991fc045aaadf74ff0eeb541\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 57496 27388370e87ce060dc4cc73f7f3564aa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 57584 135a83295850c6cc297f250336b1e336\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 279170 ec156e059a46e69c8bd5213c38b81246\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 57508 326c436e34be9324a7a7945a75b467f5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 3256172 0f992a332d44244811d4f4667b946131\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 1656524 b8ae89e56a18ba4f5b2d44a95203969f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 15369608 a45b9cd80f819696489589d03a4a5902\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 1688680 e72bda68ed661e841903e71a5e7d0cdc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 16954524 f7267352268a0dfbccd1b05ebea495d3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 278736 0bd52f59a1a4976433fa81019916e953\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 57530 37b533587e80bb97fdb1f9e273ef1c71\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 281080 d652716ee66e0df8f1d2e11469bd5df5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 1688674 61d7baeb6633c615efadffd0c7e9e7a0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 15370384 24eba6725ba7ca279fb3987f5760d84b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 282946 dff25979ef813b6d0737fd9de01388ae\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 15356656 f9d0a81e7c590e86dce1932b0cf0e2ff\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 3425774 7d19e5bd73f7a3e765b3734233688f75\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 57482 ddfbea54419ecf453651522b512f80ad\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 1656508 62c40ab1e29b39c3d0ef016deaf6a99a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 15358578 d6814d7b1e776206cf7a21badb3d151e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 3400906 8b56ec266783cf0c6edf3dada99b05a1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 3256076 9f704018576440522771ad44dd063745\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 57558 bdbc12099f897600cb0bb7866fcf12a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 279258 d8be131fc99940e033b4cc3c8039df24\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 16911938 0d5e9e8c538a399c60fbe7f4ad38e239\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 280758 8ddd0b369532cdcd44383587ba1040e8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 3231962 018b0dfeae9849cd0e28962a5a160048\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 16955372 7d9c63e175ded010ba1f9a1057185ce2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 3231978 f268273c6f5d8753b354919ef3d42ffb\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb\n Size/MD5 checksum: 57546 f638083e1a12fe611dbfc0f9b9177ab5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 282356 4f43f955762f7be01de440d3cbce7f40\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch1_amd64.deb\n Size/MD5 checksum: 57530 191a1e58eeb5ce701ce3605c8bfb13cf\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_amd64.deb\n Size/MD5 checksum: 5962092 043c2c51d7aa93e1c4a7fd5b056f0e1d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 4592620 b5adc2cf2f3b4867bc5f005f5b485d72\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 208512 df79f26c934caf542346b25d6fbced6a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 57626 78c18b7635eff38eeed8c8cda07468a7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 8875798 2a577a02d18eab3e863afc8b3ae6fc93\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 7572928 45c6ecd8d912d0344c749eb161ac3d75\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 7572984 2a3ff014d8bf13a07de248be7bdefaeb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 237092 aeeb9a78894e18986599035db9ee9efc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 5016302 ee7a8fa2c4c33f56362d7b3c4a699313\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 241972 9ff3387ffd1b42b8384488986183b506\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 4592706 f64c33fb5089be94d6e78c374ce086a9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 3414642 49be1eaea5986030f55377333c5de8d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 236406 3bad5f97981ff15e5552a623945aa41e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 236736 ebc67406b3c643f260d430dc12c2b7cf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 57580 ea065372d4e83d62536251e678c9c1ec\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 8875796 44d84e7aedbf25c6c10fd53edefc0ef0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 237190 20c7f8b97a2800172fab92a1dde0b215\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 241958 3a5e3dc633d9f5b5d889eb4c2742fa0a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 57632 b1691bed70092c7478f4d0fd184b454b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 57676 06e20417a690515b1e34a03ec55ac6e9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 7928896 ab63947ead7c39d7b060a218eab378d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 202788 7c96813dac0c6ac27ccbe1ffe47744bf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 7929028 6f7f1c14998cfe9e4591772d5be3787e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch1_arm.deb\n Size/MD5 checksum: 5016402 ada8901a7d595c2fe9d00a841e872006\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 202868 19a550d4763ce56d68a07222f4013b94\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 207396 3a7de120801525268476a7b6c22e8f84\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_arm.deb\n Size/MD5 checksum: 3414664 b68fdde7a80f3538a3c57b21a920bb16\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 200234 a42025eb492c8cee39a4f9998e3b8582\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 202374 68069764dc95a0cf3a025e9eb22a43ca\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 200272 7b77d41811bcbef1e8033eb93dd67c03\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 11003742 1c6177557357e1f2a8aca8dede898aa8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 3026110 c17d933ab1a987137164b17cc824cc01\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 10562712 eab6c4fb035514db0a3d2013a58e8811\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 11812822 3739d1c70edc836b2b6183c91c64b891\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 57582 0227efab68fe6eba71e9a24707c14a3e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 202348 85844928a7e53875ed65cd8ca9e2564d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 3026082 a6e5f10396429271a3f6af6db3bd2fcd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 11813274 39a6c61b5750bfbd3af21e20efe10790\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 11003404 2c476e17aadea4d5fe9787fc31bbf270\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 10562896 62a8eeed396f7b0939bc8afcd3fa1b5f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 202170 c0a87e0bb013b276498bf22784c45cf2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 57610 b94850d5975ec590c4bfd47b7fa92ffa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 201544 2e8116afb9b090f0e8328ecdf8b721c8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 57656 b4936ba6ac6d07ea688bc309f1a9ecf9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 201206 865306b58d1bb6a51125120b86f623a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 11403058 7675c1356f94a0b7a9d3ee73a11ac0fc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 201116 abba23bc60ba910f881b77e03e253993\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch1_hppa.deb\n Size/MD5 checksum: 11403572 8a70c6799aee1cf84d69db41128b5aa4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_hppa.deb\n Size/MD5 checksum: 57632 e4c7d6b4040947e3ebfab64731e65d7c\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 57550 d1ceaf85ffbab26f6263c1d2a1084628\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 281720 fdfbc017794ba163718541a1c9bcee33\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 3153370 1f3fbdaff2406c79f078121430552b95\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 276026 a72a6f8b4b34ebe811011c05844aa9a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 3172814 0b15c3215f8c11bb74721ae95d3bbbee\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 14297004 a2c3b3f3bf7fdd96a0956559baf4a575\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 3058734 97ed58c50160f2bc1489183c64faa83f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 57608 9390abb9a6730f776b0eef14db8d1d15\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 14296618 30e96680a42f3388f547674d83a211b5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 273904 4546e871056555434d1fb068d46dcc34\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 283582 f7c8322aa914f0d2e1011e8ad90eb511\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 277092 041c0f265fac7dbb870ab13705850cec\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 286424 ea3ab3f5a6d5cebb0839c50d300fbbf6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16839428 f55d4b7e3ad16b770e4f872d6002938c\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_i386.deb\n Size/MD5 checksum: 5510668 f6318da68f755fb149d3e4b7345a5454\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 283488 034e2db0c65bdf8356de66933dbe18dc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 57554 3c4263a6bb304f46306985eec6da76e7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16342612 16a822f4a4cc910bf4ef2ca154d80db6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 282614 69948ea58a5f3e023bd2f7e9334f5206\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 283292 a609e8c75751bd23f93ea8c9c9805862\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 275714 7d20932e6e8a9defb771762dec8c2cf8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 3175260 cdd0199e4a2deb3384babde08fff29ed\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 281854 2b8b7cb1cf824259ef5bca51dd7e6e9e\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 57554 25d25e9c76e48d90abdc6dc4fa98dc36\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 275626 c69d4bb7338689bc1c1034c72a73552a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16839160 3abb3b88db3261585f1107b816d7e73b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16478602 406b982ea69b3fbf60f05bc79aeb01c3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16414150 8980f62d059c08ee4715b4f840251c4a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 285546 20fddef08d809bd62618dba1170b2443\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16516304 98127faa1288680196802d80a2e516b0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 283196 39cf1e20d4fa1be5dc81639f80cc53da\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16342464 492956ec0bfb3a9348de483af93358e0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16413914 16e9f9a184d734ff9ba72cf448d9e006\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16195640 ac590b14fea2c14933773e7acd8ee2e9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 16384758 275b6551ea309a85247c8269a2ca131f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 1303760 6c21475aca4f6840bfd6ecf72ca07ddf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16195636 512976a3d50729b684e101f3d436d0f1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 57498 3ad4d448a82a79bee90d020a1a3efd4c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 283614 9958a5555871c3b55395a3811e2ba16a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 3175062 760a09051d4c6f159d94ab61ce46d3e2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 283278 d181a3c6b7e2b45338452652e9788f81\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 3153590 d06c74e964ddb8e06e57149237cb0e13\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2_i386.deb\n Size/MD5 checksum: 25602218 a43ee679786a92ff8600c6a8e7fb036c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 14284348 654f88dc30ab167b523c06c860268d2b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16516566 db353533d7e7d533225e99bd8fd6ddf1\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 57482 a6ab58ab8b3cfa2dce6f49521b7a1f5b\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 57538 1eac10fb9251c8242e06bc9b15cbc8a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16385264 488399c28192c835a772e1e6763254ba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 14284744 138457c64958da10328a9bc662518f47\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 1331760 e977207f31a617418114c629310a0a64\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 3173012 9abba6a99f0c83bf508b490883ebd27c\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 57490 d98a55e25eebbf20315792e2da604cbd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 16478822 86cd8edc1f2224fb9186b07cc63c0f30\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 3058924 6df6c7ce3239c160c836b30b0cb850a4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 1303686 6b4cb561ccf0ae8b692505a83a62c1c3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_i386.deb\n Size/MD5 checksum: 273704 a48288dec2bbd3e4eaf297891a82e2ac\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 282232 15d0b97ca171af915931e43445323401\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb\n Size/MD5 checksum: 1331834 911ed2ea38e95a8459ce6eb00461c67a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 3086288 8159d8247b8439aad32be09747c44ed3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 259050 c4dabe17057799266a806ee9f49c1d01\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 259026 fe551aa81737ae7562ea613074687159\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 259020 da3cf312b5d0ce8bc59ab152134c7e10\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 57576 beedcbe1cbf4c9ff2eead5e7dd5bbeaa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 28191326 75be5f2b0b5d9dde291d7fc3f75a3c01\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 57558 f29ab34edb09fbf0cf460a52d900cb86\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 28189032 5b2684d4dafbcc34e077e76367f99d7d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 57518 53097da6759f5dbf720ed6741d5dfc31\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 259028 dcecde4739f9e7091b498c55d543de61\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 3086420 1715deb979b2fd128a404017c51199ad\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 28022512 2f7150f069fe10314be8366b6f33c80a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch2_ia64.deb\n Size/MD5 checksum: 28021554 15888059ada25a1df53ea1e06f98cc43\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_ia64.deb\n Size/MD5 checksum: 57498 ff2147d4b9d86a7104049004a75d0b0b\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 57556 c55b8f2b6c058ac2e8e977a244a8ca0e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 9057908 930211393dd0eae186413bf64d1ad929\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 166366 b8ed836c7b52a7473b5442cf34571932\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 8290842 c1e26a281edabea12127297eb6908cce\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 186218 998e71301c0e570eaea5f89d4c14bc94\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 186040 f55f16820c5ee432380103be8d3b98a4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 162948 6aa24c824d9bdc46a9b2e3ec9206ca56\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 3353852 dd5151c5ba373421c1d73414f7635050\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 6099320 91a09240e52a5e253432b48f18340018\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 15630942 226ef41a01e8321d063b11ef3cdd71ac\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 153842 3f0980845300200bb42ebc17e50da882\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 57602 e3259b68bbd8f112ac288d964b67735f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mips.deb\n Size/MD5 checksum: 15661864 50e4498ba1db7b799a4a943964d7dba4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 15071130 7b47b1248592c27110f95d8433df14ba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 57612 36149a3f699bd3a27812379659d63797\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 181876 f88c97af7dc565fadf445df63cf63092\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 15046026 d91a6917a024bb53f1409038b7a5da7d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 5950792 bdc92871276e840c831b6608d7580b35\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 159122 f289f1bdd1042dfd137c28ebdbb4fdc0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 186138 de5ba3faa0cf39eb70d1a901382af660\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 153884 56ab7e619af304890feb104ae0031ae0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 57558 e5579bb41376ef237efd5b1d1beeec8e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 3354246 e271a853595718667ad9ee92b640a945\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 9864850 38643aac81245db2bd4e3ad2e8187d43\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 5930606 bc44903ec933088611bbab35eae7d0a6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 185890 8a76b425da8f9bd843445ab402e9c369\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 6037172 6e7d261fbebb9cb6b3d7420f030d57e0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch2_mipsel.deb\n Size/MD5 checksum: 159120 49606ba4ec3b9dc3891a8db70dd32248\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 255646 cb3a8874c18a6e4e91181880a6c9b85c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 16410114 ba833fa8dd87cfc4b4b8f6c69a4c45ab\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 249724 e83692d6b13eaf23e53d9ca8bcb619dd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 3419496 627c21fbdb9350be0b4cbc808d696f59\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 257626 459bc8e3abd033aa341780557a5e5467\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 233010 391c104f5ffc427f003f55366ccb26ca\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 16975346 a1cf3eb6652bf9cf5d921aee20eb7679\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 257372 19c2286c4d82b40ee3d1eab8b47a1a70\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 18365660 d3a96656b0d4e60217fa4e32bf613efb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 18316678 855d8c6664fcd4f0fc485a2254b434fa\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 3396976 ae6f8c9d11c5cefbd55a79a0065b95e9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 16634246 82837cc8be152a2eaad04864534b1354\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 256610 fafe406336be7d5a72c95f5ed4434486\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 17016040 aab904f4de994ac02f6767d787aaa2d7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 57556 a0961152b7c461bcf46838598f337fa2\n http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_powerpc.deb\n Size/MD5 checksum: 3371096 4ed778de0fe58e4e575f2009b1b21a68\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 15164166 48f27600af451a81ed8f439ead2d9094\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 57506 309dcf0bb0093626145bb5a3dbbcd313\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch1_powerpc.deb\n Size/MD5 checksum: 256318 dd09e9ab9b0b55e6242fd43d39ca52b0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 1444792 65cf6d54d1864fa9593cc1d7bd48e32c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 5670236 9ffbaf35ad540ef7943246cff5f56d9e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 57550 c31a56e819cdca9d8f683756e86d6e3b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 5408924 23205928ae2570fa9de9d918a92bbffe\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 57498 f9ec34fbabdcd47e82bdebfd5c61b5d1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 148582 ed576121635601eb13f9b1b5b18df158\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 2970576 cb9ff5de4f159be26adb77a1654f9c38\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 5670086 bb6b939d4ee4055d1414e9ee820debde\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 1444844 687c959498ff8554892b1d980ffbcc18\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 5626962 c4292f4eb21a43815f1f034a925b0590\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 57520 099be07a236cfc4990717731bf08139d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 2970532 9d1668579f9a9eb745a44d08b30007da\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 2947446 3e27023a055fdd774b3289b045b7c1a8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 5408972 f39e7ee9bd84c2d635d96cb0716abdd8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 5626908 b1ab2c5891fd1c69b2a14438130f3e4a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 147404 78db167dea1715c9c2fb9c639078da6e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 2947568 a4e433116e8eb0fc50b0f845daeb30d2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 57572 ebb8c12ec07403944bdda2ea032eb658\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 147488 0be2b32820585b651699c20c895c187e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 147840 83572cbe27afda0438768888f54afbd5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch2_s390.deb\n Size/MD5 checksum: 148648 4d7696585231987d7b1d0b89206aa3bf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch1_s390.deb\n Size/MD5 checksum: 147812 5b5ec24eb7a1e503e54d1b826d4320f7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 57658 85d8d9e4220d714f035fdba3945f8a5b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 10749234 c315a6732b4bdc1f2a933a3ab7f70f61\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 10704988 5c8aa657f6e753d564ce28cd5233a870\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 3225012 8b647ba8e8683c216d38d2f65b44c986\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 10441342 67341cf21ca33af97e28a2f50816868d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 10752862 fe7ffe1779f19ed125fe457ff72e2ebf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 173194 5005c744ca39613c7947209667085ec3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 3229378 ec4511d40a9462de41990c6760af6d4d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 6453010 a78d12a91fcaa85d0934fc2c9475156e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 57578 80adaf839f84cc7e7c9848165c280225\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 172678 39720fa936c578899ddac4170d3114f2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 206042 38a98a8b604c552c907ad00ba3d16e2e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 10447546 b75fd20c483fd0952ef441cd8ce3fcf3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 10707914 fc789353ab59d224287ccc565cdcb03a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 6463760 392d2db88951658128f7abfd7f8cdb70\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 204844 c7d684a559e09da6d714e71411af18ac\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 203610 f2d365cdbe7b2caf090588c125d8b17a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 205708 4b0f45ae23fc2f0ad3936a9c076c6f0b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 57630 9dcc5865c37f2d750da37fc7b4c0f7bc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 3254264 3897f034a6c8cfc24d683a0816718ed1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 204240 2e04c9fccacef2761c4fd3608fdae318\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_sparc.deb\n Size/MD5 checksum: 3249626 fe045b931d67788a718c2040ef440a21\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 204924 da40e61d358b209497bf4c720121154b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch1_sparc.deb\n Size/MD5 checksum: 57608 7ce928a49a6c81ab639c4dce82429bab\n\n These changes will probably be included in the oldstable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ oldstable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/oldstable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-05-06T23:23:13", "type": "debian", "title": "[SECURITY] [DSA 1794-1] New Linux 2.6.18 packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-5395", "CVE-2008-5701", "CVE-2008-5702", "CVE-2008-5713", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0834", "CVE-2009-0859", "CVE-2009-1192", "CVE-2009-1265", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1439"], "modified": "2009-05-06T23:23:13", "id": "DEBIAN:DSA-1794-1:CF19C", "href": "https://lists.debian.org/debian-security-announce/2009/msg00105.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-26T15:55:32", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1787-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nMay 2, 2009 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6.24\nVulnerability : denial of service/privilege escalation/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700\n CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029\n CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322\n CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834\n CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242\n CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-4307\n\n Bryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do_setlk function.\n\nCVE-2008-5079\n\n Hugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc_listen function\n twice on the same socket and reading /proc/net/atm/*vc.\n\nCVE-2008-5395\n\n Helge Deller discovered a denial of service condition that allows\n local users on PA-RISC systems to crash a system by attempting to\n unwind a stack contiaining userspace addresses.\n\nCVE-2008-5700\n\n Alan Cox discovered a lack of minimum timeouts on SG_IO requests,\n which allows local users of systems using ATA to cause a denial of\n service by forcing drives into PIO mode.\n \nCVE-2008-5701\n\n Vlad Malov reported an issue on 64-bit MIPS systems where a local\n user could cause a system crash by crafing a malicious binary\n which makes o32 syscalls with a number less than 4000.\n\nCVE-2008-5702\n\n Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\n call.\n\nCVE-2009-0028\n\n Chris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n\nCVE-2009-0029\n\n Christian Borntraeger discovered an issue effecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.\n\nCVE-2009-0031\n\n Vegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all of kernel memory.\n\nCVE-2009-0065\n\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.\n \nCVE-2009-0269\n\n Duane Griffin provided a fix for an issue in the eCryptfs\n subsystem which allows local users to cause a denial of service\n (fault or memory corruption).\n\nCVE-2009-0322\n\n Pavel Roskin provided a fix for an issue in the dell_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 byts from a sysfs entry.\n\nCVE-2009-0675\n\n Roel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.\n\nCVE-2009-0676\n\n Clement LECIGNE discovered a bug in the sock_getsockopt function\n that may result in leaking sensitive kernel memory.\n\nCVE-2009-0745\n\n Peter Kerwien discovered an issue in the ext4 filesystem that\n allows local users to cause a denial of service (kernel oops)\n during a resize operation.\n\nCVE-2009-0834\n\n Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n\nCVE-2009-0859\n\n Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n\nCVE-2009-1046\n\n Mikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.\n\nCVE-2009-1192\n\n Shaohua Li reported an issue in the AGP subsystem they may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n\nCVE-2009-1242\n\n Benjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.\n\nCVE-2009-1265\n\n Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n\nCVE-2009-1337\n\n Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.\n\nCVE-2009-1338\n\n Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.\n \nCVE-2009-1439\n\n Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or "leap-frog" fashion.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.diff.gz\n Size/MD5 checksum: 4033829 ff5f9342fbd061dcab316080057bf9ac\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.dsc\n Size/MD5 checksum: 5117 c71acfa6a187429a702d368e5974d082\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz\n Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 82422 f39c24b3acf13eee80ab07421e120bc7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 4260850 8b0891fa602714572b2ea8be13d4b2eb\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 96802 317936645be453126afab54705999059\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 1542086 460bc638a040b2674f4da6e30fc975f1\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 46865722 b3afc19906294f1990ab97e6c8943285\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 917482 dc533207197184a44dcc931372534b0b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 82038 12269f5ccc3251bed6544c82ace6bab8\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 26736698 8714134f74ad24d4a761d9e1b18c84dc\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 332080 2632341b6c0d98b6798103d4e03a4980\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 26757530 c00a3280cf8bc9d18e52c64202af9e34\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 27341904 ee355aab70b9061c511e7152929c150a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 331054 7d30fb320e409180de47bdf7be8430c2\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 3454072 01417e58c71bb9515a4011c390be0580\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 82010 cff77bfb7491d357acc7d9d50dc0217e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 330926 1b2c38a3628e25cc62b7e555800d48e5\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 19480638 9f9f06adb37a611ed3f24000859beb03\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 3654580 aac989a8eee05d7adaf9731dfdda062f\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 344960 4a6f4ac493086ec243734b3b6968a2bd\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 82010 f7713fceebf11933dd20c7db1c636df0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 81998 7f2d31a9d80ae34c397d90912dbbb46f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 308926 05539199c8e837c4fccc75172a9c82be\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 82136 39e67aa9c8617379a54c9f36d0d72572\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 3939598 804e621a444954f2045f27a9282ae77a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 306808 3086d994c254c2481c6610729c6ee182\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 296510 23d73ccad75398f169ad602db513b908\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 9351566 c0326566806f5c7ed8de2342f4de857a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 10775966 6661bd851503d953c4ca43b6f8e85deb\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 10768304 daca396e0f5decdfe92a7724069daa50\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 82166 8bb034ce3157aeefe7c3c692ebe14df4\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 261644 7c1852bbe840ac3d90c12d452e2681cf\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 82016 293d2bba2cb8563e700377ada35f2ba2\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 259304 f3db74269efbac5501598e35a462bf20\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 82038 bdae604446c924296cd1aac5b9be7e95\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 13332816 5d9819ffa069392df46ad94e193cbdf1\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 258452 c1a9dde9f1c92b4563126d1937d4eec2\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 14385162 6cbd8dc0702e5cb15237d246883dd2c0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 258378 4a864d5f74cd4f1e05362aa00e94236a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 14847618 ab5989ffb84c1780ba7a8d06ac501f67\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 3439250 22ebf43e46ee15c1240d6881c2554248\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 13845394 731ba27a151e94071c8f64ceb0da9e92\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 360908 aef486d9faf9aca0e61ea01e16d0cbc8\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19348860 15a2e2dc1fa2b3b423d3010272f7f3f6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 82124 ee99a97dc91f3c2e205bce0b901904c0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 359834 d80f275632e07acaaa02679eee976bb6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 82160 07df09b3f1af03cd0f20d2b0cf2b679a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 347518 a3530c65c732ef54f207a3551c85ec9f\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19344944 28d8879c242e0698ee8524d006970445\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 361402 3bad41e46bd717ebe8d15e0473f130eb\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19589084 a8319258d3194cd59fa263a1b66a5626\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19278254 608362b1503eb3ec838bd01152d7aa93\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 3647296 a6ce4748c3fefd49a40ebbfed1e004f9\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 318210 76ad07637a2fac8a32d827c23f893ffa\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 32025152 eb4eec0df149a61e18ae22ef8c50eb43\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 318482 a155708aa4e74d90e54a4f107221c995\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 3567324 0e1d20a7ecbf444ad6aba30cc169963d\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 82000 f66623c2c53891b0d92055fb032d0592\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 32206190 62738a79d48dffcad324124d2b73f3d4\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 82028 6aa864922de84ad84cfff13eb9ce71ee\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 308452 f5d33880c20e98b12a9ad5ef53743910\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 214502 a39b0ecffd3a215979f8e5bcdcd78bfe\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 17166576 38a62721888bbb2f0fc4d7fbdba70c9e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 82062 3aa3ea6a854d046759d5824257e47bf3\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 17151594 603b866be5168c042bbef832eb253c9d\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 10522386 725913ed966df3029d3f72332af590fd\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 225228 e8ad107d20c67c798cdb093ae150592c\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 246218 69eee0d55e37c414da07e70b90c190a9\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 11957416 9d75b25a0668735d4bfb1fac77788723\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 27772372 307325283c10af9dd6dc8cb4f0de39a7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 246310 815dfe8f02f354f03f0d63f8605bedd9\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 22150880 d183f2a93f59d18034573fd7febf5e22\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 3803446 4448552a0dd930e3d51a800c1d6deb50\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 82008 871aace093a3411d3d01dfcc19e57a7a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 309908 ebc141db56c3f149eaf265af89054e03\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 3803432 926f0974edf97ded8ef4bd4f99847b35\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 245716 9a62f6221f1b1e36c8b397e5afcb966a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 82060 401c4c5fb02f54a0deacef21bf630b0e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 26982892 39032aaca4b2a6cecc7091022a42e2b7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 16629962 874a967e72aa10398626267cb2d5ba54\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 21732318 7819062b50720a60a098d086978298ea\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 82012 06886337047db3ad1df77cc919c4cff6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 246190 ec4b8f66e8a0065d694f990745049e7e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 16566324 d778d8f7f199e49cb087fafaef7eb551\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 13316760 aadc4a462ca185163c902551556c92f6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 309226 44e7866afb834db0bf71a9d034d729ba\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 308360 e53f7681e10aa6b07d1ea3e3b58622da\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 245984 a572ee84ea19bb4bb908e6c20a56ca37\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 19194974 99103ae37f6001139ea44dd31f84183f\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 320916 0ba37f3d80f38b92b9097ea7e90fb3e7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 320840 0ab836295bc998d5b54f9d54bb2bd23c\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 19485870 bbee80ba2e47827a9f8ac2360ccf9e68\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 3672412 4ff49fe861ab4f49eec95d425114c349\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 82012 03d29f46bdcab8bab20d237a294fc242\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 295058 7718f3ba536f4af7252961bbbbab24be\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 21169748 db5e60f6e3ba1fcd12a793fd30f75c14\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 17459470 60369530c57a669b6c9bcd441f757417\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 322436 779ccace55f22bdcf1ccd9212033b58d\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 82046 39a3cbedcbc4e13f997b7641394e3ad0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 1501738 7bf06e1f51092c18b512045444fba8e9\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 193848 6713da5dfd8696c27718075e6cb3fa03\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 82016 1668a7a797859f5d9e0a7af2ba1781b4\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 6950110 9f8a8d765c71aaee7e94402626f413a1\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 82002 0f37b246336adf27ce4d37776257ff95\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 7200396 de8ace94802f259aef088e9384a4ca6b\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 194084 ea695f010b1916d50f1bdad2e85dd1f0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 3429706 8a40f944fa6b7c64353d76154bded277\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 82152 88b0f93df760ac992f30c1927d0144f7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 3652306 42dda4de967328363df86bee8ba0c53b\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 13022916 93538efd19eae1488128df8a3a73b957\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 263066 c796e2fd4e51ff6a66d9eec594c81386\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 13317632 e50f9515e67c38d66c58f317bf2c9292\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 264930 a1d0ba75ee8eded18b4d97327ebd0291\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 82128 6c1ebe596b196e25cb0307f78ab1f358\n\n\n These changes will probably be included in the oldstable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-05-02T18:33:03", "type": "debian", "title": "[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-5079", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5701", "CVE-2008-5702", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0834", "CVE-2009-0859", "CVE-2009-1046", "CVE-2009-1192", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1338", "CVE-2009-1439"], "modified": "2009-05-02T18:33:03", "id": "DEBIAN:DSA-1787-1:1654D", "href": "https://lists.debian.org/debian-security-announce/2009/msg00098.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:07:27", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation, or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n* [CVE-2008-4307](https://security-tracker.debian.org/tracker/CVE-2008-4307)\nBryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do\\_setlk function.\n* [CVE-2008-5395](https://security-tracker.debian.org/tracker/CVE-2008-5395)\nHelge Deller discovered a denial of service condition that allows\n local users on PA-RISC to crash the system by attempting to unwind\n a stack containing userspace addresses.\n* [CVE-2008-5701](https://security-tracker.debian.org/tracker/CVE-2008-5701)\nVlad Malov reported an issue on 64-bit MIPS where a local user\n could cause a system crash by crafting a malicious binary which\n makes o32 syscalls with a number less than 4000.\n* [CVE-2008-5702](https://security-tracker.debian.org/tracker/CVE-2008-5702)\nZvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC\\_SETTIMEOUT ioctl\n call.\n* [CVE-2008-5713](https://security-tracker.debian.org/tracker/CVE-2008-5713)\nFlavio Leitner discovered that a local user can cause a denial of\n service by generating large amounts of traffic on a large SMP\n system, resulting in soft lockups.\n* [CVE-2009-0028](https://security-tracker.debian.org/tracker/CVE-2009-0028)\nChris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n* [CVE-2009-0029](https://security-tracker.debian.org/tracker/CVE-2009-0029)\nChristian Borntraeger discovered an issue effecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.\n* [CVE-2009-0031](https://security-tracker.debian.org/tracker/CVE-2009-0031)\nVegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all available kernel memory.\n* [CVE-2009-0065](https://security-tracker.debian.org/tracker/CVE-2009-0065)\nWei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.\n* [CVE-2009-0322](https://security-tracker.debian.org/tracker/CVE-2009-0322)\nPavel Roskin provided a fix for an issue in the dell\\_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 bytes from a sysfs entry.\n* [CVE-2009-0675](https://security-tracker.debian.org/tracker/CVE-2009-0675)\nRoel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.\n* [CVE-2009-0676](https://security-tracker.debian.org/tracker/CVE-2009-0676)\nClement LECIGNE discovered a bug in the sock\\_getsockopt function\n that may result in leaking sensitive kernel memory.\n* [CVE-2009-0834](https://security-tracker.debian.org/tracker/CVE-2009-0834)\nRoland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n* [CVE-2009-0859](https://security-tracker.debian.org/tracker/CVE-2009-0859)\nJiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM\\_INFO shmctl call on kernels\n compiled with CONFIG\\_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n* [CVE-2009-1192](https://security-tracker.debian.org/tracker/CVE-2009-1192)\nShaohua Li reported an issue in the AGP subsystem that may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n* [CVE-2009-1265](https://security-tracker.debian.org/tracker/CVE-2009-1265)\nThomas Pollet reported an overflow in the af\\_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n* [CVE-2009-1336](https://security-tracker.debian.org/tracker/CVE-2009-1336)\nTrond Myklebust reported an issue in the encode\\_lookup() function\n in the nfs server subsystem that allows local users to cause a\n denial of service (oops in encode\\_lookup()) by use of a long\n filename.\n* [CVE-2009-1337](https://security-tracker.debian.org/tracker/CVE-2009-1337)\nOleg Nesterov discovered an issue in the exit\\_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit\\_signal field and then\n uses an exec system call to launch a setuid application.\n* [CVE-2009-1439](https://security-tracker.debian.org/tracker/CVE-2009-1439)\nPavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-24etch2.\n\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.\n\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.\n\n\n", "cvss3": {}, "published": "2009-05-06T00:00:00", "type": "osv", "title": "linux-2.6 - multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5702", "CVE-2008-5395", "CVE-2009-0859", "CVE-2008-5713", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-0065", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2022-08-10T07:07:23", "id": "OSV:DSA-1794-1", "href": "https://osv.dev/vulnerability/DSA-1794-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:33:16", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\n\n* [CVE-2008-4307](https://security-tracker.debian.org/tracker/CVE-2008-4307)\nBryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do\\_setlk function.\n* [CVE-2008-5079](https://security-tracker.debian.org/tracker/CVE-2008-5079)\nHugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc\\_listen function\n twice on the same socket and reading /proc/net/atm/\\*vc.\n* [CVE-2008-5395](https://security-tracker.debian.org/tracker/CVE-2008-5395)\nHelge Deller discovered a denial of service condition that allows\n local users on PA-RISC systems to crash a system by attempting to\n unwind a stack containing userspace addresses.\n* [CVE-2008-5700](https://security-tracker.debian.org/tracker/CVE-2008-5700)\nAlan Cox discovered a lack of minimum timeouts on SG\\_IO requests,\n which allows local users of systems using ATA to cause a denial of\n service by forcing drives into PIO mode.\n* [CVE-2008-5701](https://security-tracker.debian.org/tracker/CVE-2008-5701)\nVlad Malov reported an issue on 64-bit MIPS systems where a local\n user could cause a system crash by crafing a malicious binary\n which makes o32 syscalls with a number less than 4000.\n* [CVE-2008-5702](https://security-tracker.debian.org/tracker/CVE-2008-5702)\nZvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC\\_SETTIMEOUT ioctl\n call.\n* [CVE-2009-0028](https://security-tracker.debian.org/tracker/CVE-2009-0028)\nChris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n* [CVE-2009-0029](https://security-tracker.debian.org/tracker/CVE-2009-0029)\nChristian Borntraeger discovered an issue effecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.\n* [CVE-2009-0031](https://security-tracker.debian.org/tracker/CVE-2009-0031)\nVegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all of kernel memory.\n* [CVE-2009-0065](https://security-tracker.debian.org/tracker/CVE-2009-0065)\nWei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.\n* [CVE-2009-0269](https://security-tracker.debian.org/tracker/CVE-2009-0269)\nDuane Griffin provided a fix for an issue in the eCryptfs\n subsystem which allows local users to cause a denial of service\n (fault or memory corruption).\n* [CVE-2009-0322](https://security-tracker.debian.org/tracker/CVE-2009-0322)\nPavel Roskin provided a fix for an issue in the dell\\_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 bytes from a sysfs entry.\n* [CVE-2009-0675](https://security-tracker.debian.org/tracker/CVE-2009-0675)\nRoel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.\n* [CVE-2009-0676](https://security-tracker.debian.org/tracker/CVE-2009-0676)\nClement LECIGNE discovered a bug in the sock\\_getsockopt function\n that may result in leaking sensitive kernel memory.\n* [CVE-2009-0745](https://security-tracker.debian.org/tracker/CVE-2009-0745)\nPeter Kerwien discovered an issue in the ext4 filesystem that\n allows local users to cause a denial of service (kernel oops)\n during a resize operation.\n* [CVE-2009-0834](https://security-tracker.debian.org/tracker/CVE-2009-0834)\nRoland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n* [CVE-2009-0859](https://security-tracker.debian.org/tracker/CVE-2009-0859)\nJiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM\\_INFO shmctl call on kernels\n compiled with CONFIG\\_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n* [CVE-2009-1046](https://security-tracker.debian.org/tracker/CVE-2009-1046)\nMikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.\n* [CVE-2009-1192](https://security-tracker.debian.org/tracker/CVE-2009-1192)\nShaohua Li reported an issue in the AGP subsystem that may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n* [CVE-2009-1242](https://security-tracker.debian.org/tracker/CVE-2009-1242)\nBenjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.\n* [CVE-2009-1265](https://security-tracker.debian.org/tracker/CVE-2009-1265)\nThomas Pollet reported an overflow in the af\\_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n* [CVE-2009-1337](https://security-tracker.debian.org/tracker/CVE-2009-1337)\nOleg Nesterov discovered an issue in the exit\\_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit\\_signal field and then\n uses an exec system call to launch a setuid application.\n* [CVE-2009-1338](https://security-tracker.debian.org/tracker/CVE-2009-1338)\nDaniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.\n* [CVE-2009-1439](https://security-tracker.debian.org/tracker/CVE-2009-1439)\nPavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\n\nWe recommend that you upgrade your linux-2.6.24 packages.\n\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.\n\n\n", "cvss3": {}, "published": "2009-05-02T00:00:00", "type": "osv", "title": "linux-2.6.24 - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2022-07-21T05:46:51", "id": "OSV:DSA-1787-1", "href": "https://osv.dev/vulnerability/DSA-1787-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ----------------------------------------------------------------------\r\nDebian Security Advisory DSA-1787-1 security@debian.org\r\nhttp://www.debian.org/security/ Dann Frazier\r\nMay 2, 2009 http://www.debian.org/security/faq\r\n- ----------------------------------------------------------------------\r\n\r\nPackage : linux-2.6.24\r\nVulnerability : denial of service/privilege escalation/information leak\r\nProblem type : local/remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700\r\n CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029\r\n CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322\r\n CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834\r\n CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242\r\n CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that\r\nmay lead to a denial of service or privilege escalation. The Common\r\nVulnerabilities and Exposures project identifies the following\r\nproblems:\r\n\r\nCVE-2008-4307\r\n\r\n Bryn M. Reeves reported a denial of service in the NFS filesystem.\r\n Local users can trigger a kernel BUG() due to a race condition in\r\n the do_setlk function.\r\n\r\nCVE-2008-5079\r\n\r\n Hugo Dias reported a DoS condition in the ATM subsystem that can\r\n be triggered by a local user by calling the svc_listen function\r\n twice on the same socket and reading /proc/net/atm/*vc.\r\n\r\nCVE-2008-5395\r\n\r\n Helge Deller discovered a denial of service condition that allows\r\n local users on PA-RISC systems to crash a system by attempting to\r\n unwind a stack contiaining userspace addresses.\r\n\r\nCVE-2008-5700\r\n\r\n Alan Cox discovered a lack of minimum timeouts on SG_IO requests,\r\n which allows local users of systems using ATA to cause a denial of\r\n service by forcing drives into PIO mode.\r\n \r\nCVE-2008-5701\r\n\r\n Vlad Malov reported an issue on 64-bit MIPS systems where a local\r\n user could cause a system crash by crafing a malicious binary\r\n which makes o32 syscalls with a number less than 4000.\r\n\r\nCVE-2008-5702\r\n\r\n Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\r\n watchdog driver which allows local users to cause a buffer\r\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\r\n call.\r\n\r\nCVE-2009-0028\r\n\r\n Chris Evans discovered a situation in which a child process can\r\n send an arbitrary signal to its parent.\r\n\r\nCVE-2009-0029\r\n\r\n Christian Borntraeger discovered an issue effecting the alpha,\r\n mips, powerpc, s390 and sparc64 architectures that allows local\r\n users to cause a denial of service or potentially gain elevated\r\n privileges.\r\n\r\nCVE-2009-0031\r\n\r\n Vegard Nossum discovered a memory leak in the keyctl subsystem\r\n that allows local users to cause a denial of service by consuming\r\n all of kernel memory.\r\n\r\nCVE-2009-0065\r\n\r\n Wei Yongjun discovered a memory overflow in the SCTP\r\n implementation that can be triggered by remote users, permitting\r\n remote code execution.\r\n \r\nCVE-2009-0269\r\n\r\n Duane Griffin provided a fix for an issue in the eCryptfs\r\n subsystem which allows local users to cause a denial of service\r\n (fault or memory corruption).\r\n\r\nCVE-2009-0322\r\n\r\n Pavel Roskin provided a fix for an issue in the dell_rbu driver\r\n that allows a local user to cause a denial of service (oops) by\r\n reading 0 byts from a sysfs entry.\r\n\r\nCVE-2009-0675\r\n\r\n Roel Kluin discovered inverted logic in the skfddi driver that\r\n permits local, unprivileged users to reset the driver statistics.\r\n\r\nCVE-2009-0676\r\n\r\n Clement LECIGNE discovered a bug in the sock_getsockopt function\r\n that may result in leaking sensitive kernel memory.\r\n\r\nCVE-2009-0745\r\n\r\n Peter Kerwien discovered an issue in the ext4 filesystem that\r\n allows local users to cause a denial of service (kernel oops)\r\n during a resize operation.\r\n\r\nCVE-2009-0834\r\n\r\n Roland McGrath discovered an issue on amd64 kernels that allows\r\n local users to circumvent system call audit configurations which\r\n filter based on the syscall numbers or argument details.\r\n\r\nCVE-2009-0859\r\n\r\n Jiri Olsa discovered that a local user can cause a denial of\r\n service (system hang) using a SHM_INFO shmctl call on kernels\r\n compiled with CONFIG_SHMEM disabled. This issue does not affect\r\n prebuilt Debian kernels.\r\n\r\nCVE-2009-1046\r\n\r\n Mikulas Patocka reported an issue in the console subsystem that\r\n allows a local user to cause memory corruption by selecting a\r\n small number of 3-byte UTF-8 characters.\r\n\r\nCVE-2009-1192\r\n\r\n Shaohua Li reported an issue in the AGP subsystem they may allow\r\n local users to read sensitive kernel memory due to a leak of\r\n uninitialized memory.\r\n\r\nCVE-2009-1242\r\n\r\n Benjamin Gilbert reported a local denial of service vulnerability\r\n in the KVM VMX implementation that allows local users to trigger\r\n an oops.\r\n\r\nCVE-2009-1265\r\n\r\n Thomas Pollet reported an overflow in the af_rose implementation\r\n that allows remote attackers to retrieve uninitialized kernel\r\n memory that may contain sensitive data.\r\n\r\nCVE-2009-1337\r\n\r\n Oleg Nesterov discovered an issue in the exit_notify function that\r\n allows local users to send an arbitrary signal to a process by\r\n running a program that modifies the exit_signal field and then\r\n uses an exec system call to launch a setuid application.\r\n\r\nCVE-2009-1338\r\n\r\n Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\r\n reach processes outside of the current process namespace.\r\n \r\nCVE-2009-1439\r\n\r\n Pavan Naregundi reported an issue in the CIFS filesystem code that\r\n allows remote users to overwrite memory via a long\r\n nativeFileSystem field in a Tree Connect response during mount.\r\n\r\nFor the stable distribution (etch), these problems have been fixed in\r\nversion 2.6.24-6~etchnhalf.8etch1.\r\n\r\nWe recommend that you upgrade your linux-2.6.24 packages.\r\n\r\nNote: Debian 'etch' includes linux kernel packages based upon both the\r\n2.6.18 and 2.6.24 linux releases. All known security issues are\r\ncarefully tracked against both packages and both packages will receive\r\nsecurity updates until security support for Debian 'etch'\r\nconcludes. However, given the high frequency at which low-severity\r\nsecurity issues are discovered in the kernel and the resource\r\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\r\nupdates will typically release in a staggered or "leap-frog" fashion.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.diff.gz\r\n Size/MD5 checksum: 4033829 ff5f9342fbd061dcab316080057bf9ac\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.dsc\r\n Size/MD5 checksum: 5117 c71acfa6a187429a702d368e5974d082\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz\r\n Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 82422 f39c24b3acf13eee80ab07421e120bc7\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 4260850 8b0891fa602714572b2ea8be13d4b2eb\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 96802 317936645be453126afab54705999059\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 1542086 460bc638a040b2674f4da6e30fc975f1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 46865722 b3afc19906294f1990ab97e6c8943285\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 917482 dc533207197184a44dcc931372534b0b\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 82038 12269f5ccc3251bed6544c82ace6bab8\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 26736698 8714134f74ad24d4a761d9e1b18c84dc\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 332080 2632341b6c0d98b6798103d4e03a4980\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 26757530 c00a3280cf8bc9d18e52c64202af9e34\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 27341904 ee355aab70b9061c511e7152929c150a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 331054 7d30fb320e409180de47bdf7be8430c2\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 3454072 01417e58c71bb9515a4011c390be0580\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 82010 cff77bfb7491d357acc7d9d50dc0217e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 330926 1b2c38a3628e25cc62b7e555800d48e5\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 19480638 9f9f06adb37a611ed3f24000859beb03\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 3654580 aac989a8eee05d7adaf9731dfdda062f\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 344960 4a6f4ac493086ec243734b3b6968a2bd\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 82010 f7713fceebf11933dd20c7db1c636df0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 81998 7f2d31a9d80ae34c397d90912dbbb46f\r\n\r\narm architecture (ARM)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 308926 05539199c8e837c4fccc75172a9c82be\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 82136 39e67aa9c8617379a54c9f36d0d72572\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 3939598 804e621a444954f2045f27a9282ae77a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 306808 3086d994c254c2481c6610729c6ee182\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 296510 23d73ccad75398f169ad602db513b908\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 9351566 c0326566806f5c7ed8de2342f4de857a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 10775966 6661bd851503d953c4ca43b6f8e85deb\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 10768304 daca396e0f5decdfe92a7724069daa50\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 82166 8bb034ce3157aeefe7c3c692ebe14df4\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 261644 7c1852bbe840ac3d90c12d452e2681cf\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 82016 293d2bba2cb8563e700377ada35f2ba2\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 259304 f3db74269efbac5501598e35a462bf20\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 82038 bdae604446c924296cd1aac5b9be7e95\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 13332816 5d9819ffa069392df46ad94e193cbdf1\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 258452 c1a9dde9f1c92b4563126d1937d4eec2\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 14385162 6cbd8dc0702e5cb15237d246883dd2c0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 258378 4a864d5f74cd4f1e05362aa00e94236a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 14847618 ab5989ffb84c1780ba7a8d06ac501f67\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 3439250 22ebf43e46ee15c1240d6881c2554248\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 13845394 731ba27a151e94071c8f64ceb0da9e92\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 360908 aef486d9faf9aca0e61ea01e16d0cbc8\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19348860 15a2e2dc1fa2b3b423d3010272f7f3f6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 82124 ee99a97dc91f3c2e205bce0b901904c0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 359834 d80f275632e07acaaa02679eee976bb6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 82160 07df09b3f1af03cd0f20d2b0cf2b679a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 347518 a3530c65c732ef54f207a3551c85ec9f\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19344944 28d8879c242e0698ee8524d006970445\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 361402 3bad41e46bd717ebe8d15e0473f130eb\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19589084 a8319258d3194cd59fa263a1b66a5626\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19278254 608362b1503eb3ec838bd01152d7aa93\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 3647296 a6ce4748c3fefd49a40ebbfed1e004f9\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 318210 76ad07637a2fac8a32d827c23f893ffa\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 32025152 eb4eec0df149a61e18ae22ef8c50eb43\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 318482 a155708aa4e74d90e54a4f107221c995\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 3567324 0e1d20a7ecbf444ad6aba30cc169963d\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 82000 f66623c2c53891b0d92055fb032d0592\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 32206190 62738a79d48dffcad324124d2b73f3d4\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 82028 6aa864922de84ad84cfff13eb9ce71ee\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 308452 f5d33880c20e98b12a9ad5ef53743910\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 214502 a39b0ecffd3a215979f8e5bcdcd78bfe\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 17166576 38a62721888bbb2f0fc4d7fbdba70c9e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 82062 3aa3ea6a854d046759d5824257e47bf3\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 17151594 603b866be5168c042bbef832eb253c9d\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 10522386 725913ed966df3029d3f72332af590fd\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 225228 e8ad107d20c67c798cdb093ae150592c\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 246218 69eee0d55e37c414da07e70b90c190a9\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 11957416 9d75b25a0668735d4bfb1fac77788723\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 27772372 307325283c10af9dd6dc8cb4f0de39a7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 246310 815dfe8f02f354f03f0d63f8605bedd9\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 22150880 d183f2a93f59d18034573fd7febf5e22\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 3803446 4448552a0dd930e3d51a800c1d6deb50\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 82008 871aace093a3411d3d01dfcc19e57a7a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 309908 ebc141db56c3f149eaf265af89054e03\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 3803432 926f0974edf97ded8ef4bd4f99847b35\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 245716 9a62f6221f1b1e36c8b397e5afcb966a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 82060 401c4c5fb02f54a0deacef21bf630b0e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 26982892 39032aaca4b2a6cecc7091022a42e2b7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 16629962 874a967e72aa10398626267cb2d5ba54\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 21732318 7819062b50720a60a098d086978298ea\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 82012 06886337047db3ad1df77cc919c4cff6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 246190 ec4b8f66e8a0065d694f990745049e7e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 16566324 d778d8f7f199e49cb087fafaef7eb551\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 13316760 aadc4a462ca185163c902551556c92f6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 309226 44e7866afb834db0bf71a9d034d729ba\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 308360 e53f7681e10aa6b07d1ea3e3b58622da\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 245984 a572ee84ea19bb4bb908e6c20a56ca37\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 19194974 99103ae37f6001139ea44dd31f84183f\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 320916 0ba37f3d80f38b92b9097ea7e90fb3e7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 320840 0ab836295bc998d5b54f9d54bb2bd23c\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 19485870 bbee80ba2e47827a9f8ac2360ccf9e68\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 3672412 4ff49fe861ab4f49eec95d425114c349\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 82012 03d29f46bdcab8bab20d237a294fc242\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 295058 7718f3ba536f4af7252961bbbbab24be\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 21169748 db5e60f6e3ba1fcd12a793fd30f75c14\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 17459470 60369530c57a669b6c9bcd441f757417\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 322436 779ccace55f22bdcf1ccd9212033b58d\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 82046 39a3cbedcbc4e13f997b7641394e3ad0\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 1501738 7bf06e1f51092c18b512045444fba8e9\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 193848 6713da5dfd8696c27718075e6cb3fa03\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 82016 1668a7a797859f5d9e0a7af2ba1781b4\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 6950110 9f8a8d765c71aaee7e94402626f413a1\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 82002 0f37b246336adf27ce4d37776257ff95\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 7200396 de8ace94802f259aef088e9384a4ca6b\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 194084 ea695f010b1916d50f1bdad2e85dd1f0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 3429706 8a40f944fa6b7c64353d76154bded277\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 82152 88b0f93df760ac992f30c1927d0144f7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 3652306 42dda4de967328363df86bee8ba0c53b\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 13022916 93538efd19eae1488128df8a3a73b957\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 263066 c796e2fd4e51ff6a66d9eec594c81386\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 13317632 e50f9515e67c38d66c58f317bf2c9292\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 264930 a1d0ba75ee8eded18b4d97327ebd0291\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 82128 6c1ebe596b196e25cb0307f78ab1f358\r\n\r\n\r\n These changes will probably be included in the oldstable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJ/JE8huANDBmkLRkRAlzXAJwJvkPuUoKwLYQPFVnF7t2DRIkzjQCgg8zC\r\nw+zXZAH5HPrUZ78bMIHk8Sw=\r\n=KhiR\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2009-05-04T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2009-05-04T00:00:00", "id": "SECURITYVULNS:DOC:21767", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21767", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2022-06-19T20:02:56", "description": "a. JRE Security UpdateJRE update to version 1.5.0_20, which addresses multiple securityissues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) hasassigned the following names to the security issues fixed inJRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) hasassigned the following names to the security issues fixed inJRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The following table lists what action remediates the vulnerability(column 4) if a solution is available.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2009-11-20T00:00:00", "type": "vmware", "title": "VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5966", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-1947", "CVE-2008-2315", "CVE-2008-2370", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-3528", "CVE-2008-4307", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5515", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0033", "CVE-2009-0159", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0580", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0696", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0778", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1072", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1192", "CVE-2009-1252", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2417", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-2730", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2010-03-29T00:00:00", "id": "VMSA-2009-0016.6", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0016.6.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:38:41", "description": "a. JRE Security Update \n \nJRE update to version 1.5.0_20, which addresses multiple security \nissues that existed in earlier releases of JRE. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, \nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, \nCVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, \nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, \nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, \nCVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, \nCVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "cvss3": {}, "published": "2009-11-20T00:00:00", "type": "vmware", "title": "VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-2052", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-2670", "CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1099", "CVE-2009-2716", "CVE-2009-2417", "CVE-2008-1721", "CVE-2009-1097", "CVE-2008-3143", "CVE-2009-2414", "CVE-2008-4864", "CVE-2009-1385", "CVE-2008-5700", "CVE-2008-3528", "CVE-2009-0033", "CVE-2009-2723", "CVE-2009-2718", "CVE-2007-5333", "CVE-2009-0675", "CVE-2009-0747", "CVE-2009-0787", "CVE-2009-2416", "CVE-2008-4307", "CVE-2009-0696", "CVE-2009-2722", "CVE-2007-4965", "CVE-2009-0746", "CVE-2009-0580", "CVE-2009-2698", "CVE-2009-0028", "CVE-2009-2720", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-2625", "CVE-2008-1947", "CVE-2009-0778", "CVE-2009-2673", "CVE-2009-1100", "CVE-2008-3144", "CVE-2009-1072", "CVE-2009-0322", "CVE-2009-0159", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0745", "CVE-2007-5461", "CVE-2008-3142", "CVE-2009-2407", "CVE-2009-1106", "CVE-2009-1337", "CVE-2009-1103", "CVE-2007-5966", "CVE-2009-1388", "CVE-2009-0783", "CVE-2009-0269", "CVE-2007-6286", "CVE-2009-2724", "CVE-2009-1389", "CVE-2008-2370", "CVE-2009-0834", "CVE-2009-1633", "CVE-2008-2315", "CVE-2009-0748", "CVE-2009-1101", "CVE-2009-2406", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-2848", "CVE-2009-1252", "CVE-2008-1887", "CVE-2009-1107", "CVE-2009-2671", "CVE-2008-1232", "CVE-2008-5031", "CVE-2009-1102", "CVE-2009-1630", "CVE-2009-2672", "CVE-2009-2847", "CVE-2009-2719", "CVE-2009-2676", "CVE-2009-1105", "CVE-2009-2721", "CVE-2009-2675", "CVE-2008-0002"], "modified": "2010-03-29T00:00:00", "id": "VMSA-2009-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0016.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}

CVE-2008-4307

Description

Affected Package

Related