7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
High
0.167 Low
EPSS
Percentile
96.1%
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:514 advisory.
security flaw (CVE-2005-0756, CVE-2005-1265, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763, CVE-2005-2098, CVE-2005-2099, CVE-2005-2100, CVE-2005-2456, CVE-2005-2490, CVE-2005-2492, CVE-2005-2555, CVE-2005-2801, CVE-2005-2872, CVE-2005-3105, CVE-2005-3274, CVE-2005-3275, CVE-2006-5871)
Fix ipv6 exthdr bug causing Oops (CVE-2005-4886)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:514. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(19989);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id(
"CVE-2005-0756",
"CVE-2005-1265",
"CVE-2005-1761",
"CVE-2005-1762",
"CVE-2005-1763",
"CVE-2005-2098",
"CVE-2005-2099",
"CVE-2005-2100",
"CVE-2005-2456",
"CVE-2005-2490",
"CVE-2005-2492",
"CVE-2005-2555",
"CVE-2005-2801",
"CVE-2005-2872",
"CVE-2005-3105",
"CVE-2005-3274",
"CVE-2005-3275",
"CVE-2005-4886",
"CVE-2006-5871"
);
script_xref(name:"RHSA", value:"2005:514");
script_name(english:"RHEL 4 : Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2 (Important) (RHSA-2005:514)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2005:514 advisory.
- security flaw (CVE-2005-0756, CVE-2005-1265, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763, CVE-2005-2098,
CVE-2005-2099, CVE-2005-2100, CVE-2005-2456, CVE-2005-2490, CVE-2005-2492, CVE-2005-2555, CVE-2005-2801,
CVE-2005-2872, CVE-2005-3105, CVE-2005-3274, CVE-2005-3275, CVE-2006-5871)
- Fix ipv6 exthdr bug causing Oops (CVE-2005-4886)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_514.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aee68d87");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=114578");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=130914");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=134790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=135669");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=137343");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=140002");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=141783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=142989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=144668");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=145575");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=145648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=145659");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=145976");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=146187");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=147233");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=147496");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=149478");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=149919");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=149979");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=150152");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=151222");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=151315");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=151323");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=151429");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=152162");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=152440");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=152619");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=152982");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154100");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154435");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154451");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=154733");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=155278");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=155344");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=155354");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=155706");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=155932");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=156010");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=156705");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=157239");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=157725");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=157900");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=158107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=158293");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=158878");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=158883");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=158930");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=158974");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=159640");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=159671");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=159739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=159765");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=159918");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=159921");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160524");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160526");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160548");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160654");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160663");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160812");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=160882");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=161143");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=161156");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=161314");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=161789");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=161995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=162108");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=162257");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=162548");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=162728");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=163528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164094");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164228");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164338");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164449");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164450");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164628");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164630");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164979");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=164991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165127");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165163");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165242");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165384");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165560");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=165717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=166131");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=166248");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=166830");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=167126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=167412");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=167668");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=167703");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=167711");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:514");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-1763");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2005-2801");
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2005/10/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2005-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '4')) audit(AUDIT_OS_NOT, 'Red Hat 4.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
rm_kb_item(name:'Host/uptrack-uname-r');
var cve_list = make_list('CVE-2005-0756', 'CVE-2005-1265', 'CVE-2005-1761', 'CVE-2005-1762', 'CVE-2005-1763', 'CVE-2005-2098', 'CVE-2005-2099', 'CVE-2005-2100', 'CVE-2005-2456', 'CVE-2005-2490', 'CVE-2005-2492', 'CVE-2005-2555', 'CVE-2005-2801', 'CVE-2005-2872', 'CVE-2005-3105', 'CVE-2005-3274', 'CVE-2005-3275', 'CVE-2005-4886', 'CVE-2006-5871');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2005:514');
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/as/4/4AS/i386/os',
'content/dist/rhel/as/4/4AS/i386/source/SRPMS',
'content/dist/rhel/as/4/4AS/x86_64/os',
'content/dist/rhel/as/4/4AS/x86_64/source/SRPMS',
'content/dist/rhel/desktop/4/4Desktop/i386/os',
'content/dist/rhel/desktop/4/4Desktop/i386/source/SRPMS',
'content/dist/rhel/desktop/4/4Desktop/x86_64/os',
'content/dist/rhel/desktop/4/4Desktop/x86_64/source/SRPMS',
'content/dist/rhel/es/4/4ES/i386/os',
'content/dist/rhel/es/4/4ES/i386/source/SRPMS',
'content/dist/rhel/es/4/4ES/x86_64/os',
'content/dist/rhel/es/4/4ES/x86_64/source/SRPMS',
'content/dist/rhel/system-z/4/4AS/s390/os',
'content/dist/rhel/system-z/4/4AS/s390/source/SRPMS',
'content/dist/rhel/system-z/4/4AS/s390x/os',
'content/dist/rhel/system-z/4/4AS/s390x/source/SRPMS',
'content/dist/rhel/ws/4/4WS/i386/os',
'content/dist/rhel/ws/4/4WS/i386/source/SRPMS',
'content/dist/rhel/ws/4/4WS/x86_64/os',
'content/dist/rhel/ws/4/4WS/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'kernel-2.6.9-22.EL', 'cpu':'i686', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-2.6.9-22.EL', 'cpu':'ppc64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-2.6.9-22.EL', 'cpu':'ppc64iseries', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-2.6.9-22.EL', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-2.6.9-22.EL', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-2.6.9-22.EL', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-2.6.9-22.EL', 'cpu':'i686', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-2.6.9-22.EL', 'cpu':'ppc64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-2.6.9-22.EL', 'cpu':'ppc64iseries', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-2.6.9-22.EL', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-2.6.9-22.EL', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-2.6.9-22.EL', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-hugemem-2.6.9-22.EL', 'cpu':'i686', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-hugemem-devel-2.6.9-22.EL', 'cpu':'i686', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-smp-2.6.9-22.EL', 'cpu':'i686', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-smp-2.6.9-22.EL', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-smp-devel-2.6.9-22.EL', 'cpu':'i686', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-smp-devel-2.6.9-22.EL', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-devel / kernel-hugemem / kernel-hugemem-devel / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | kernel | p-cpe:/a:redhat:enterprise_linux:kernel |
redhat | enterprise_linux | kernel-devel | p-cpe:/a:redhat:enterprise_linux:kernel-devel |
redhat | enterprise_linux | kernel-hugemem | p-cpe:/a:redhat:enterprise_linux:kernel-hugemem |
redhat | enterprise_linux | kernel-hugemem-devel | p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel |
redhat | enterprise_linux | kernel-smp | p-cpe:/a:redhat:enterprise_linux:kernel-smp |
redhat | enterprise_linux | kernel-smp-devel | p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel |
redhat | enterprise_linux | 4 | cpe:/o:redhat:enterprise_linux:4 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5871
www.nessus.org/u?aee68d87
access.redhat.com/errata/RHSA-2005:514
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=114578
bugzilla.redhat.com/show_bug.cgi?id=130914
bugzilla.redhat.com/show_bug.cgi?id=134790
bugzilla.redhat.com/show_bug.cgi?id=135669
bugzilla.redhat.com/show_bug.cgi?id=137343
bugzilla.redhat.com/show_bug.cgi?id=140002
bugzilla.redhat.com/show_bug.cgi?id=141783
bugzilla.redhat.com/show_bug.cgi?id=142989
bugzilla.redhat.com/show_bug.cgi?id=144668
bugzilla.redhat.com/show_bug.cgi?id=145575
bugzilla.redhat.com/show_bug.cgi?id=145648
bugzilla.redhat.com/show_bug.cgi?id=145659
bugzilla.redhat.com/show_bug.cgi?id=145976
bugzilla.redhat.com/show_bug.cgi?id=146187
bugzilla.redhat.com/show_bug.cgi?id=147233
bugzilla.redhat.com/show_bug.cgi?id=147496
bugzilla.redhat.com/show_bug.cgi?id=149478
bugzilla.redhat.com/show_bug.cgi?id=149919
bugzilla.redhat.com/show_bug.cgi?id=149979
bugzilla.redhat.com/show_bug.cgi?id=150152
bugzilla.redhat.com/show_bug.cgi?id=151222
bugzilla.redhat.com/show_bug.cgi?id=151315
bugzilla.redhat.com/show_bug.cgi?id=151323
bugzilla.redhat.com/show_bug.cgi?id=151429
bugzilla.redhat.com/show_bug.cgi?id=152162
bugzilla.redhat.com/show_bug.cgi?id=152440
bugzilla.redhat.com/show_bug.cgi?id=152619
bugzilla.redhat.com/show_bug.cgi?id=152982
bugzilla.redhat.com/show_bug.cgi?id=154055
bugzilla.redhat.com/show_bug.cgi?id=154100
bugzilla.redhat.com/show_bug.cgi?id=154347
bugzilla.redhat.com/show_bug.cgi?id=154435
bugzilla.redhat.com/show_bug.cgi?id=154442
bugzilla.redhat.com/show_bug.cgi?id=154451
bugzilla.redhat.com/show_bug.cgi?id=154733
bugzilla.redhat.com/show_bug.cgi?id=155278
bugzilla.redhat.com/show_bug.cgi?id=155344
bugzilla.redhat.com/show_bug.cgi?id=155354
bugzilla.redhat.com/show_bug.cgi?id=155706
bugzilla.redhat.com/show_bug.cgi?id=155932
bugzilla.redhat.com/show_bug.cgi?id=156010
bugzilla.redhat.com/show_bug.cgi?id=156705
bugzilla.redhat.com/show_bug.cgi?id=157239
bugzilla.redhat.com/show_bug.cgi?id=157725
bugzilla.redhat.com/show_bug.cgi?id=157900
bugzilla.redhat.com/show_bug.cgi?id=158107
bugzilla.redhat.com/show_bug.cgi?id=158293
bugzilla.redhat.com/show_bug.cgi?id=158878
bugzilla.redhat.com/show_bug.cgi?id=158883
bugzilla.redhat.com/show_bug.cgi?id=158930
bugzilla.redhat.com/show_bug.cgi?id=158974
bugzilla.redhat.com/show_bug.cgi?id=159640
bugzilla.redhat.com/show_bug.cgi?id=159671
bugzilla.redhat.com/show_bug.cgi?id=159739
bugzilla.redhat.com/show_bug.cgi?id=159765
bugzilla.redhat.com/show_bug.cgi?id=159918
bugzilla.redhat.com/show_bug.cgi?id=159921
bugzilla.redhat.com/show_bug.cgi?id=160028
bugzilla.redhat.com/show_bug.cgi?id=160117
bugzilla.redhat.com/show_bug.cgi?id=160518
bugzilla.redhat.com/show_bug.cgi?id=160522
bugzilla.redhat.com/show_bug.cgi?id=160524
bugzilla.redhat.com/show_bug.cgi?id=160526
bugzilla.redhat.com/show_bug.cgi?id=160528
bugzilla.redhat.com/show_bug.cgi?id=160547
bugzilla.redhat.com/show_bug.cgi?id=160548
bugzilla.redhat.com/show_bug.cgi?id=160654
bugzilla.redhat.com/show_bug.cgi?id=160663
bugzilla.redhat.com/show_bug.cgi?id=160812
bugzilla.redhat.com/show_bug.cgi?id=160882
bugzilla.redhat.com/show_bug.cgi?id=161143
bugzilla.redhat.com/show_bug.cgi?id=161156
bugzilla.redhat.com/show_bug.cgi?id=161314
bugzilla.redhat.com/show_bug.cgi?id=161789
bugzilla.redhat.com/show_bug.cgi?id=161995
bugzilla.redhat.com/show_bug.cgi?id=162108
bugzilla.redhat.com/show_bug.cgi?id=162257
bugzilla.redhat.com/show_bug.cgi?id=162548
bugzilla.redhat.com/show_bug.cgi?id=162728
bugzilla.redhat.com/show_bug.cgi?id=163528
bugzilla.redhat.com/show_bug.cgi?id=164094
bugzilla.redhat.com/show_bug.cgi?id=164228
bugzilla.redhat.com/show_bug.cgi?id=164338
bugzilla.redhat.com/show_bug.cgi?id=164449
bugzilla.redhat.com/show_bug.cgi?id=164450
bugzilla.redhat.com/show_bug.cgi?id=164628
bugzilla.redhat.com/show_bug.cgi?id=164630
bugzilla.redhat.com/show_bug.cgi?id=164979
bugzilla.redhat.com/show_bug.cgi?id=164991
bugzilla.redhat.com/show_bug.cgi?id=165127
bugzilla.redhat.com/show_bug.cgi?id=165163
bugzilla.redhat.com/show_bug.cgi?id=165242
bugzilla.redhat.com/show_bug.cgi?id=165384
bugzilla.redhat.com/show_bug.cgi?id=165547
bugzilla.redhat.com/show_bug.cgi?id=165560
bugzilla.redhat.com/show_bug.cgi?id=165717
bugzilla.redhat.com/show_bug.cgi?id=166131
bugzilla.redhat.com/show_bug.cgi?id=166248
bugzilla.redhat.com/show_bug.cgi?id=166830
bugzilla.redhat.com/show_bug.cgi?id=167126
bugzilla.redhat.com/show_bug.cgi?id=167412
bugzilla.redhat.com/show_bug.cgi?id=167668
bugzilla.redhat.com/show_bug.cgi?id=167703
bugzilla.redhat.com/show_bug.cgi?id=167711
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
High
0.167 Low
EPSS
Percentile
96.1%