Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-419.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 2.1 : kernel (RHSA-2003:419)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

9.7%

JSON

Updated kernel packages are now available that fix a security vulnerability which may allow local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges. No exploit is currently available;
however, it is believed that this issue is exploitable (although not trivially.) The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0985 to this issue.

All users are advised to upgrade to these errata packages, which contain a backported security patch that corrects this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing this issue as well as Andrea Arcangeli and Solar Designer for working on the patch.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:419. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12444);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0985");
  script_xref(name:"RHSA", value:"2003:419");

  script_name(english:"RHEL 2.1 : kernel (RHSA-2003:419)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages are now available that fix a security
vulnerability which may allow local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the
Linux kernel versions 2.4.23 and previous which may allow a local
attacker to gain root privileges. No exploit is currently available;
however, it is believed that this issue is exploitable (although not
trivially.) The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0985 to this issue.

All users are advised to upgrade to these errata packages, which
contain a backported security patch that corrects this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing
this issue as well as Andrea Arcangeli and Solar Designer for working
on the patch."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0985"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:419"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2003-0985");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2003:419");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:419";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.35")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.35")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-bootp-cpe:/a:redhat:enterprise_linux:kernel-boot
redhatenterprise_linuxkernel-debugp-cpe:/a:redhat:enterprise_linux:kernel-debug
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-enterprisep-cpe:/a:redhat:enterprise_linux:kernel-enterprise
redhatenterprise_linuxkernel-headersp-cpe:/a:redhat:enterprise_linux:kernel-headers
redhatenterprise_linuxkernel-smpp-cpe:/a:redhat:enterprise_linux:kernel-smp
redhatenterprise_linuxkernel-sourcep-cpe:/a:redhat:enterprise_linux:kernel-source
redhatenterprise_linuxkernel-summitp-cpe:/a:redhat:enterprise_linux:kernel-summit
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

nessus 16
osv 10
exploitpack 1
slackware 3
redhat 3
openvas 31
ubuntucve 2
debian 22
securityvulns 1
suse 2
exploitdb 1
cert 2
cvelist 2
nvd 3
cve 3
nessus
nessus
Debian DSA-413-2 : linux-kernel-2.4.18 - missing boundary check
2004-09-29 00:00:00
Slackware 8.1 : Slackware 8.1 kernel security update (SSA:2004-008-01)
2005-07-13 00:00:00
Debian DSA-427-1 : linux-kernel-2.4.17-mips+mipsel - missing boundary check
2004-09-29 00:00:00
osv
osv
linux-kernel-2.4.18 - missing boundary check
2004-01-06 00:00:00
linux-kernel-2.4.17-mips+mipsel - missing boundary check
2004-01-19 00:00:00
linux-kernel-2.4.18-powerpc+alpha - missing boundary check
2004-01-07 00:00:00
exploitpack
exploitpack
Linux Kernel 2.2.252.4.242.6.2 - mremap() Validator
2004-02-18 00:00:00
slackware
slackware
Kernel security update
2004-01-06 20:00:02
Slackware 8.1 kernel security update
2004-01-08 20:04:57
Kernel security update
2004-02-18 04:37:55
redhat
redhat
(RHSA-2003:416) kernel security update
2004-01-07 00:00:00
(RHSA-2003:419) kernel security update
2004-01-05 00:00:00
(RHSA-2003:418) kernel security update
2004-01-05 00:00:00
openvas
openvas
Debian Security Advisory DSA 417-1 (kernel-patch-2.4.18-powerpc, kernel-image-2.4.18-1-alpha)
2008-01-17 00:00:00
Slackware: Security Advisory (SSA:2004-006-01)
2012-09-10 00:00:00
Slackware: Security Advisory (SSA:2004-008-01)
2022-04-21 00:00:00
ubuntucve
ubuntucve
CVE-2003-0985
2004-01-20 00:00:00
CVE-2004-0077
2004-03-03 00:00:00
debian
debian
[SECURITY] [DSA 417-1] New Linux 2.4.18 packages fix local root exploit (powerpc+alpha)
2004-01-07 12:26:50
[SECURITY] [DSA 417-2] New Linux 2.4.18 packages fix local root exploit (alpha)
2004-01-09 13:52:19
[SECURITY] [DSA 413-1] New Linux 2.4.18 packages fix locate root exploit
2004-01-06 16:02:49
securityvulns
securityvulns
[Full-Disclosure] Linux kernel mremap vulnerability
2004-01-05 00:00:00
suse
suse
local system compromise in Linux Kernel
2004-01-05 19:31:04
local system compromise in Linux Kernel (x86_64, AMD64)
2004-01-15 15:10:36
exploitdb
exploitdb
Linux Kernel 2.2.25/2.4.24/2.6.2 - &#039;mremap()&#039; Validator
2004-02-18 00:00:00
cert
cert
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
2004-03-09 00:00:00
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
2004-03-10 00:00:00
cvelist
cvelist
CVE-2004-0077
2004-09-01 04:00:00
CVE-2003-0985
2004-09-01 04:00:00
nvd
nvd
CVE-2004-0077
2004-03-03 05:00:00
CVE-2005-0528
2005-12-31 05:00:00
CVE-2003-0985
2004-01-20 05:00:00
cve
cve
CVE-2004-0077
2004-09-01 04:00:00
CVE-2003-0985
2004-09-01 04:00:00
CVE-2005-0528
2022-10-03 16:22:51

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

9.7%

JSON
Related for REDHAT-RHSA-2003-419.NASL
nessus16osv10exploitpack1slackware3redhat3openvas31ubuntucve2debian22securityvulns1suse2exploitdb1cert2cvelist2nvd3cve3