Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2007-171.NASL
HistorySep 03, 2007 - 12:00 a.m.

Mandrake Linux Security Advisory : kernel (MDKSA-2007:171)

2007-09-0300:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
46

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.146

Percentile

95.9%

JSON

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

The Linux kernel did not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allowed local users to cause a denial of service (process crash) (CVE-2006-5755).

The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode (CVE-2006-7203).

The nfnetlink_log function in netfilter allowed an attacker to cause a denial of service (crash) via unspecified vectors which would trigger a NULL pointer dereference (CVE-2007-1496).

The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments (CVE-2007-1497).

The netlink functionality did not properly handle NETLINK_FIB_LOOKUP replies, which allowed a remote attacker to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion (CVE-2007-1861).

A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions (CVE-2007-2172).

The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers (CVE-2007-2242).

The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source (CVE-2007-2453).

A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized (CVE-2007-2525).

An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file (CVE-2007-2875).

The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference (CVE-2007-2876).

In addition to these security fixes, other fixes have been included such as :

  • Fix crash on netfilter when nfnetlink_log is used on certain hooks on packets forwarded to or from a bridge

  • Fixed busy sleep on IPVS which caused high load averages

    • Fixed possible race condition on ext[34]_link

    • Fixed missing braces in condition block that led to wrong behaviour in NFS

  • Fixed XFS lock deallocation that resulted in oops when unmounting

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:171. 
# The text itself is copyright (C) Mandriva S.A.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(25968);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-5755", "CVE-2006-7203", "CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1861", "CVE-2007-2172", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525", "CVE-2007-2875", "CVE-2007-2876");
  script_bugtraq_id(23615, 23870, 24376, 24390);
  script_xref(name:"MDKSA", value:"2007:171");

  script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2007:171)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

The Linux kernel did not properly save or restore EFLAGS during a
context switch, or reset the flags when creating new threads, which
allowed local users to cause a denial of service (process crash)
(CVE-2006-5755).

The compat_sys_mount function in fs/compat.c allowed local users to
cause a denial of service (NULL pointer dereference and oops) by
mounting a smbfs file system in compatibility mode (CVE-2006-7203).

The nfnetlink_log function in netfilter allowed an attacker to cause a
denial of service (crash) via unspecified vectors which would trigger
a NULL pointer dereference (CVE-2007-1496).

The nf_conntrack function in netfilter did not set nfctinfo during
reassembly of fragmented packets, which left the default value as
IP_CT_ESTABLISHED and could allow remote attackers to bypass certain
rulesets using IPv6 fragments (CVE-2007-1497).

The netlink functionality did not properly handle NETLINK_FIB_LOOKUP
replies, which allowed a remote attacker to cause a denial of service
(resource consumption) via unspecified vectors, probably related to
infinite recursion (CVE-2007-1861).

A typo in the Linux kernel caused RTA_MAX to be used as an array size
instead of RTN_MAX, which lead to an out of bounds access by certain
functions (CVE-2007-2172).

The IPv6 protocol allowed remote attackers to cause a denial of
service via crafted IPv6 type 0 route headers that create network
amplification between two routers (CVE-2007-2242).

The random number feature did not properly seed pools when there was
no entropy, or used an incorrect cast when extracting entropy, which
could cause the random number generator to provide the same values
after reboots on systems without an entropy source (CVE-2007-2453).

A memory leak in the PPPoE socket implementation allowed local users
to cause a denial of service (memory consumption) by creating a socket
using connect, and releasing it before the PPPIOCGCHAN ioctl is
initialized (CVE-2007-2525).

An integer underflow in the cpuset_tasks_read function, when the
cpuset filesystem is mounted, allowed local users to obtain kernel
memory contents by using a large offset when reading the
/dev/cpuset/tasks file (CVE-2007-2875).

The sctp_new function in netfilter allowed remote attackers to cause a
denial of service by causing certain invalid states that triggered a
NULL pointer dereference (CVE-2007-2876).

In addition to these security fixes, other fixes have been included
such as :

  - Fix crash on netfilter when nfnetlink_log is used on
    certain hooks on packets forwarded to or from a bridge

  - Fixed busy sleep on IPVS which caused high load averages

    - Fixed possible race condition on ext[34]_link

    - Fixed missing braces in condition block that led to
      wrong behaviour in NFS

  - Fixed XFS lock deallocation that resulted in oops when
    unmounting

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-legacy-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.15mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-latest");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.0", reference:"kernel-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-doc-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"kernel-enterprise-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"kernel-legacy-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-source-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-xen0-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-xenU-2.6.17.15mdv-1-1mdv2007.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2007.1", reference:"kernel-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-doc-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-doc-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-enterprise-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-enterprise-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-legacy-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-legacy-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-stripped-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xen0-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xen0-latest-2.6.17-15mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xenU-2.6.17.15mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xenU-latest-2.6.17-15mdv", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxkernel-2.6.17.15mdvp-cpe:/a:mandriva:linux:kernel-2.6.17.15mdv
mandrivalinuxkernel-doc-2.6.17.15mdvp-cpe:/a:mandriva:linux:kernel-doc-2.6.17.15mdv
mandrivalinuxkernel-doc-latestp-cpe:/a:mandriva:linux:kernel-doc-latest
mandrivalinuxkernel-enterprise-2.6.17.15mdvp-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.15mdv
mandrivalinuxkernel-enterprise-latestp-cpe:/a:mandriva:linux:kernel-enterprise-latest
mandrivalinuxkernel-latestp-cpe:/a:mandriva:linux:kernel-latest
mandrivalinuxkernel-legacy-2.6.17.15mdvp-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.15mdv
mandrivalinuxkernel-legacy-latestp-cpe:/a:mandriva:linux:kernel-legacy-latest
mandrivalinuxkernel-source-2.6.17.15mdvp-cpe:/a:mandriva:linux:kernel-source-2.6.17.15mdv
mandrivalinuxkernel-source-latestp-cpe:/a:mandriva:linux:kernel-source-latest
Rows per page:
1-10 of 181

Related

openvas 41
nessus 35
redhat 4
centos 4
suse 3
osv 4
debian 5
ubuntu 5
oraclelinux 4
fedora 5
securityvulns 14
veracode 11
cve 12
ubuntucve 11
nvd 12
cvelist 11
f5 4
freebsd 1
prion 10
checkpoint_advisories 1
freebsd_advisory 1
cert 1
openvas
openvas
Mandriva Update for kernel MDKSA-2007:171 (kernel)
2009-04-09 00:00:00
Mandriva Update for kernel MDKSA-2007:171 (kernel)
2009-04-09 00:00:00
SuSE Update for kernel SUSE-SA:2007:043
2009-01-28 00:00:00
nessus
nessus
openSUSE 10 Security Update : kernel (kernel-3760)
2007-10-17 00:00:00
RHEL 5 : kernel (RHSA-2007:0347)
2007-05-25 00:00:00
Oracle Linux 5 : kernel (ELSA-2007-0347)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2007:0347) Important: kernel security and bug fix update
2007-05-16 00:00:00
(RHSA-2007:0376) Important: kernel security and bug fix update
2007-06-14 00:00:00
(RHSA-2007:0488) Important: kernel security update
2007-06-25 00:00:00
centos
centos
kernel security update
2007-05-20 02:21:06
kernel security update
2007-06-15 23:44:48
kernel security update
2007-06-26 23:50:36
suse
suse
remote denial of service in kernel
2007-07-09 14:31:09
remote denial of service in kernel
2007-09-06 17:18:55
local privilege escalation in kernel
2007-10-12 16:04:36
osv
osv
linux-2.6
2007-05-13 00:00:00
linux-2.6 - several vulnerabilities
2007-08-15 00:00:00
linux-2.6
2007-08-31 00:00:00
debian
debian
[SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-05-13 11:33:16
[SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-16 01:00:53
[SECURITY] [DSA 1363-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-31 23:33:55
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-07-18 00:00:00
Linux kernel vulnerabilities
2007-07-19 00:00:00
Linux kernel vulnerabilities
2007-05-24 00:00:00
oraclelinux
oraclelinux
Important: kernel security and bug fix update
2007-06-26 00:00:00
Important: kernel security and bug fix update
2007-06-26 00:00:00
Important: kernel security update
2007-06-26 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: kernel-2.6.20-1.2962.fc6
2007-06-25 17:41:33
[SECURITY] Fedora Core 6 Update: kernel-2.6.20-1.2948.fc6
2007-05-01 16:21:51
[SECURITY] Fedora 7 Update: kernel-2.6.21-1.3228.fc7
2007-06-13 21:07:55
securityvulns
securityvulns
Linux netfilter multiple security vulnerabilities
2007-03-18 00:00:00
[USN-489-1] Linux kernel vulnerabilities
2007-07-19 00:00:00
[SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:18:10
Denial Of Service (DoS)
2020-04-10 00:27:57
Denial Of Service (DoS)
2020-04-10 00:20:01
cve
cve
CVE-2006-7203
2007-05-14 17:19:00
CVE-2006-5755
2007-01-09 01:00:00
CVE-2007-2242
2007-04-25 16:19:00
ubuntucve
ubuntucve
CVE-2006-5755
2006-12-31 00:00:00
CVE-2006-7203
2007-05-14 00:00:00
CVE-2007-2242
2007-04-25 00:00:00
nvd
nvd
CVE-2006-5755
2006-12-31 05:00:00
CVE-2007-2875
2007-06-11 22:30:00
CVE-2006-7203
2007-05-14 17:19:00
cvelist
cvelist
CVE-2006-5755
2007-01-09 01:00:00
CVE-2007-2242
2007-04-25 16:00:00
CVE-2006-7203
2007-05-14 17:00:00
f5
f5
K8923 : Linux kernel vulnerability CVE-2007-2875
2013-03-18 00:00:00
K8920 : Linux kernel vulnerability CVE-2007-2876
2013-03-18 00:00:00
SOL8920 - Linux kernel vulnerability CVE-2007-2876
2008-06-30 00:00:00
freebsd
freebsd
FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-26 00:00:00
prion
prion
Integer overflow
2007-06-11 22:30:00
Null pointer dereference
2007-06-11 23:30:00
Null pointer dereference
2007-03-16 22:19:00
checkpoint_advisories
checkpoint_advisories
Linux Kernel NetFilter SCTP Unknown Chunk Types Denial of Service (CVE-2007-2876)
2010-03-17 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:03.ipv6
2007-04-26 00:00:00
cert
cert
IPv6 Type 0 Route Headers allow sender to control routing
2007-06-01 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.146

Percentile

95.9%

JSON
Related for MANDRAKE_MDKSA-2007-171.NASL
openvas41nessus35redhat4centos4suse3osv4debian5ubuntu5oraclelinux4fedora5securityvulns14veracode11cve12ubuntucve11nvd12cvelist11f54freebsd1prion10checkpoint_advisories1freebsd_advisory1cert1