Lucene search
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRAKE_MDKSA-2007-195.NASLHistoryOct 25, 2007 - 12:00 a.m.
Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)
2007-10-2500:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
0.069
Percentile
94.0%
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :
A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size (CVE-2007-3105).
The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption) (CVE-2007-3513).
The decode_choice function allowed remote attackers to cause a denial of service (crash) via an encoded out-of-range index value for a choice field which triggered a NULL pointer dereference (CVE-2007-3642).
The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG) (CVE-2007-3848).
The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges (CVE-2007-4308).
The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register (CVE-2007-4573).
In addition to these security fixes, other fixes have been included such as :
-
More NVidia PCI ids wre added
-
The 3w-9xxx module was updated to version 2.26.02.010
-
Fixed the map entry for ICH8
-
Added the TG3 5786 PCI id
-
Reduced the log verbosity of cx88-mpeg
-
To update your kernel, please follow the directions located at :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2007:195.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(27561);
script_version("1.20");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-3105", "CVE-2007-3513", "CVE-2007-3642", "CVE-2007-3848", "CVE-2007-4308", "CVE-2007-4573");
script_bugtraq_id(24734, 25216, 25348, 25387, 25774);
script_xref(name:"MDKSA", value:"2007:195");
script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :
A stack-based buffer overflow in the random number generator could
allow local root users to cause a denial of service or gain privileges
by setting the default wakeup threshold to a value greater than the
output pool size (CVE-2007-3105).
The lcd_write function did not limit the amount of memory used by a
caller, which allows local users to cause a denial of service (memory
consumption) (CVE-2007-3513).
The decode_choice function allowed remote attackers to cause a denial
of service (crash) via an encoded out-of-range index value for a
choice field which triggered a NULL pointer dereference
(CVE-2007-3642).
The Linux kernel allowed local users to send arbitrary signals to a
child process that is running at higher privileges by causing a
setuid-root parent process to die which delivered an
attacker-controlled parent process death signal (PR_SET_PDEATHSIG)
(CVE-2007-3848).
The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer
ioctl patch in aacraid did not check permissions for ioctls, which
might allow local users to cause a denial of service or gain
privileges (CVE-2007-4308).
The IA32 system call emulation functionality, when running on the
x86_64 architecture, did not zero extend the eax register after the
32bit entry path to ptrace is used, which could allow local users to
gain privileges by triggering an out-of-bounds access to the system
call table using the %RAX register (CVE-2007-4573).
In addition to these security fixes, other fixes have been included
such as :
- More NVidia PCI ids wre added
- The 3w-9xxx module was updated to version 2.26.02.010
- Fixed the map entry for ICH8
- Added the TG3 5786 PCI id
- Reduced the log verbosity of cx88-mpeg
To update your kernel, please follow the directions located at :
http://www.mandriva.com/en/security/kernelupdate"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(119, 189, 264);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-legacy-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.16mdv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-latest");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
script_set_attribute(attribute:"patch_publication_date", value:"2007/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2007.0", reference:"kernel-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-doc-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"kernel-enterprise-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"kernel-legacy-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-source-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-xen0-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kernel-xenU-2.6.17.16mdv-1-1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-doc-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-doc-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-enterprise-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-enterprise-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-legacy-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"kernel-legacy-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-source-stripped-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xen0-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xen0-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xenU-2.6.17.16mdv-1-1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"kernel-xenU-latest-2.6.17-16mdv", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | kernel-2.6.17.16mdv | p-cpe:/a:mandriva:linux:kernel-2.6.17.16mdv |
| mandriva | linux | kernel-doc-2.6.17.16mdv | p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.16mdv |
| mandriva | linux | kernel-doc-latest | p-cpe:/a:mandriva:linux:kernel-doc-latest |
| mandriva | linux | kernel-enterprise-2.6.17.16mdv | p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.16mdv |
| mandriva | linux | kernel-enterprise-latest | p-cpe:/a:mandriva:linux:kernel-enterprise-latest |
| mandriva | linux | kernel-latest | p-cpe:/a:mandriva:linux:kernel-latest |
| mandriva | linux | kernel-legacy-2.6.17.16mdv | p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.16mdv |
| mandriva | linux | kernel-legacy-latest | p-cpe:/a:mandriva:linux:kernel-legacy-latest |
| mandriva | linux | kernel-source-2.6.17.16mdv | p-cpe:/a:mandriva:linux:kernel-source-2.6.17.16mdv |
| mandriva | linux | kernel-source-latest | p-cpe:/a:mandriva:linux:kernel-source-latest |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
Related
openvas
openvas
Mandriva Update for kernel MDKSA-2007:195 (kernel)
2009-04-09 00:00:00
Mandriva Update for kernel MDKSA-2007:195 (kernel)
2009-04-09 00:00:00
Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-509-1
2009-03-23 00:00:00
nessus
nessus
Ubuntu 6.10 : linux-source-2.6.17 vulnerabilities (USN-509-1)
2007-11-10 00:00:00
Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-510-1)
2007-11-10 00:00:00
Oracle Linux 5 : kernel (ELSA-2007-0940)
2013-07-12 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-08-30 00:00:00
Linux kernel vulnerabilities
2007-08-31 00:00:00
Linux kernel vulnerabilities
2007-08-31 00:00:00
oraclelinux
oraclelinux
Important: kernel security update
2007-09-28 00:00:00
Important:kernel security update
2007-10-23 00:00:00
Important: kernel security update
2007-09-30 00:00:00
securityvulns
securityvulns
Multiple Linux kernel vulnerabilities
2007-08-17 00:00:00
Linux aacraid driver IOCTL privilege escalation
2007-08-31 00:00:00
centos
centos
kernel security update
2007-10-23 22:22:36
kernel security update
2007-11-03 02:32:41
kernel security update
2007-12-03 19:44:42
redhat
redhat
(RHSA-2007:0940) Important: kernel security update
2007-10-22 00:00:00
(RHSA-2007:0939) Important: kernel security update
2007-11-01 00:00:00
(RHSA-2007:0936) Important: kernel security update
2007-09-27 00:00:00
debian
debian
[SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues
2008-02-22 21:27:33
suse
suse
local privilege escalation in kernel
2007-10-12 16:04:36
remote denial of service in kernel
2008-03-28 14:11:32
remote denial of service in kernel
2007-09-06 17:18:55
osv
osv
linux-2.6
2007-08-31 00:00:00
linux-2.6 - several vulnerabilities
2007-08-15 00:00:00
kernel-image-2.6.8 - several issues
2008-02-22 00:00:00
cvelist
cvelist
cve
cve
fedora
fedora
[SECURITY] Fedora Core 6 Update: kernel-2.6.22.1-32.fc6
2007-08-09 14:24:05
[SECURITY] Fedora 7 Update: kernel-2.6.22.4-65.fc7
2007-08-24 05:44:00
[SECURITY] Fedora 7 Update: kernel-2.6.22.1-27.fc7
2007-07-20 19:34:57
ubuntucve
ubuntucve
prion
prion
Null pointer dereference
2007-07-10 01:30:00
Path traversal
2007-08-13 21:17:00
Memory corruption
2007-07-03 10:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:21:21
Privilege Escalation
2020-04-10 00:21:25
Arbitrary Code Execution
2020-04-10 00:19:26
f5
f5
SOL8171 - Linux kernel IA32 System Call vulnerability - CVE-2007-4573
2007-12-20 00:00:00
K8171 : Linux kernel IA32 System Call vulnerability - CVE-2007-4573
2013-03-19 00:00:00
redhatcve
redhatcve
CVE-2007-3642
2015-10-30 10:28:27
nvd
nvd
vmware
vmware
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
0.069
Percentile
94.0%
Related for MANDRAKE_MDKSA-2007-195.NASL