ID CVE-2008-0007
Summary Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
References
Vulnerable Configurations
  • Linux Kernel 2.6.22.16
    cpe:2.3:o:linux:linux_kernel:2.6.22.16
CVSS
Base: 7.2 (as of 08-02-2008 - 13:02)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-618-1.NASL
    description It was discovered that the ALSA /proc interface did not write the correct number of bytes when reporting memory allocations. A local attacker might be able to access sensitive kernel memory, leading to a loss of privacy. (CVE-2007-4571) Multiple buffer overflows were discovered in the handling of CIFS filesystems. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. (CVE-2007-5904) It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694) It was discovered that some device driver fault handlers did not correctly verify memory ranges. A local attacker could exploit this to access sensitive kernel memory, possibly leading to a loss of privacy. (CVE-2008-0007) It was discovered that CPU resource limits could be bypassed. A malicious local user could exploit this to avoid administratively imposed resource limits. (CVE-2008-1294) A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375) On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33255
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33255
    title Ubuntu 6.06 LTS / 7.04 / 7.10 : linux-source-2.6.15/20/22 vulnerabilities (USN-618-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-112.NASL
    description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and probably other versions, does not properly check feature lengths, which might allow remote attackers to execute arbitrary code, related to an unspecified overflow. (CVE-2008-2358) VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. (CVE-2008-0001) Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. (CVE-2008-0007) Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. (CVE-2007-5966) The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). (CVE-2007-6417) The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. (CVE-2007-6151) The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. (CVE-2007-6206) Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063) The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third-party information. (CVE-2007-5500) The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error. (CVE-2006-6058) To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36852
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36852
    title Mandriva Linux Security Advisory : kernel (MDVSA-2008:112)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1565.NASL
    description Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. - CVE-2008-1294 David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. - CVE-2008-1375 Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32127
    published 2008-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32127
    title Debian DSA-1565-1 : linux-2.6 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-4929.NASL
    description This kernel update fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). CVE-2007-4308: The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges. CVE-2007-3740: The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. CVE-2007-3848: The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). CVE-2007-4997: Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel allowed remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an 'off-by-two error.' CVE-2007-6063: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. CVE-none-yet: A failed change_hat call can result in an apparmored task becoming unconfined (326546). and the following non security bugs : - patches.suse/apparmor-r206-310260.diff: AppArmor - add audit capability names (310260). - patches.suse/apparmor-r326-240982.diff: AppArmor - fix memory corruption if policy load fails (240982). - patches.suse/apparmor-r400-221567.diff: AppArmor - kernel dead locks when audit back log occurs (221567). - patches.suse/apparmor-r405-247679.diff: AppArmor - apparmor fails to log link reject in complain mode (247679). - patches.suse/apparmor-r473-326556.diff: AppArmor - fix race on ambiguous deleted file name (326556). - patches.suse/apparmor-r479-257748.diff: AppArmor - fix kernel crash that can occur on profile removal (257748). - patches.fixes/usb_unusual_292931.diff: add quirk needed for 1652:6600 (292931). - patches.drivers/r8169-perform-a-PHY-reset-before.patch: r8169: perform a PHY reset before any other operation at boot time (345658). - patches.drivers/r8169-more-alignment-for-the-0x8168: refresh. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/avm-fix-capilib-locking: [ISDN] Fix random hard freeze with AVM cards. (#341894)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 30142
    published 2008-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30142
    title openSUSE 10 Security Update : kernel (kernel-4929)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-4970.NASL
    description This kernel update is a respin of a previous one that broke CPUFREQ support (bug 357598). Previous changes : This kernel update fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). And the following bugs (numbers are https://bugzilla.novell.com/ references) : - patches.fixes/input-add-amilo-pro-v-to-nomux.patch: Add Fujitsu-Siemens Amilo Pro 2010 to nomux list (345699). - patches.arch/acpica-psd.patch: Changed resolution of named references in packages (https://bugzilla.novell.com/show_bug.cgi?id=346831). - patches.fixes/acpica_sizeof.patch: SizeOf operator ACPI interpreter fix (http://bugzilla.kernel.org/show_bug.cgi?id=9558). - patches.drivers/libata-sata_sis-fix-scr-access: sata_sis: fix SCR access (331610). - patches.drivers/libata-tape-fix: libata: backport tape support fixes (345438). - patches.arch/powernowk8_family_freq_from_fiddid.patch: To find the frequency given the fid and did is family dependent. (#332722). - patches.drivers/libata-force-cable-type: libata: implement libata.force_cbl parameter (337610). - patches.drivers/libata-sata_nv-disable-ADMA: sata_nv: disable ADMA by default (346508). - patches.fixes/via-velocity-dont-oops-on-mtu-change-1: [VIA_VELOCITY]: Don't oops on MTU change. (341537). - patches.fixes/via-velocity-dont-oops-on-mtu-change-2: via-velocity: don't oops on MTU change while down (341537). - patches.fixes/sony-laptop-call-sonypi_compat_init-earlier: s ony-laptop: call sonypi_compat_init earlier (343483). - Updated kABI symbols for 2.6.22.15 changes, and Xen x86_64 changes. - series.conf file cleanup: group together latency tracing patches. - Fix a memory leak and a panic in drivers/block/cciss.c patches.drivers/cciss-panic-in-blk_rq_map_sg: Panic in blk_rq_map_sg() from CCISS driver. - patches.drivers/cciss-fix_memory_leak : - Address missed-interrupt issues discovered upstream. - Update to 2.6.22.15 - fixes CVE-2007-5966 - lots of libata fixes, which cause the following to be removed : - patches.drivers/libata-add-NCQ-spurious-completion-horka ges - patches.drivers/libata-add-ST9120822AS-to-NCQ-blacklist - patches.drivers/libata-disable-NCQ-for-ST9160821AS-3.ALD - removed patches already in this release : - patches.fixes/i4l-avoid-copying-an-overly-long-string.pa tch : - patches.fixes/ramdisk-2.6.23-corruption_fix.diff - patches.fixes/microtek_hal.diff: Delete. - fixed previous poweroff regression from 2.6.22.10 - lots of other fixes and some new pci ids. - Thousands of changes in patches.rt/ for the kernel-rt* kernels. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/nfs-unmount-leak.patch: NFSv2/v3: Fix a memory leak when using -onolock (336253). - add xenfb-module-param patch to make Xen virtual frame buffer configurable in the guest domains, instead of a fixed resolution of 800x600. - patches.xen/xen3-aux-at_vector_size.patch: Also include x86-64 (310037). - patches.xen/xen3-patch-2.6.18: Fix system lockup (335121). - patches.fixes/acpi_autoload_baydock.patch: autloading of dock module (302482). Fixed a general bug with linux specific hids there. - patches.xen/xen3-patch-2.6.22.11-12: Linux 2.6.22.12. - patches.xen/xen3-fixup-arch-i386: Fix CONFIG_APM=m issue. - patches.xen/xen-x86-no-lapic: Re-diff.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30250
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30250
    title openSUSE 10 Security Update : kernel (kernel-4970)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-4935.NASL
    description This kernel update fixes the following security problems : - Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. (CVE-2008-0007) - Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. (CVE-2008-0001) - Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. (CVE-2007-5966) - The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). (CVE-2007-6417) Additionally the following bugfixes have been included for all platforms : - patches.suse/bootsplash: Bootsplash for current kernel (none). patch the patch for Bug 345980. - patches.fixes/megaraid-fixup-driver-version: Megaraid driver version out of sync (299740). - OCFS2: Updated to version 1.2.8 - patches.fixes/ocfs2-1.2-svn-r3070.diff: [PATCH] ocfs2: Remove overzealous BUG_ON(). - patches.fixes/ocfs2-1.2-svn-r3072.diff: [PATCH] ocfs2: fix rename vs unlink race. - patches.fixes/ocfs2-1.2-svn-r3074.diff: [PATCH] ocfs2: Remove expensive local alloc bitmap scan code. - patches.fixes/ocfs2-1.2-svn-r3057.diff: [PATCH] ocfs2: Check for cluster locking in ocfs2_readpage. - patches.fixes/ocfs2-1.2-svn-r2975.diff: ocfs2_dlm: make functions static. - patches.fixes/ocfs2-1.2-svn-r2976.diff: [PATCH] ocfs2_dlm: make tot_backoff more descriptive. - patches.fixes/ocfs2-1.2-svn-r3002.diff: [PATCH] ocfs2: Remove the printing of harmless ERRORS like ECONNRESET, EPIPE.. - patches.fixes/ocfs2-1.2-svn-r3004.diff: [PATCH] ocfs2_dlm: Call cond_resched_lock() once per hash bucket scan. - patches.fixes/ocfs2-1.2-svn-r3006.diff: [PATCH] ocfs2_dlm: Silence compiler warnings. - patches.fixes/ocfs2-1.2-svn-r3062.diff: [PATCH] ocfs2_dlm: Fix double increment of migrated lockres' owner count. - patches.fixes/hugetlb-get_user_pages-corruption.patch: hugetlb: follow_hugetlb_page() for write access (345239). - enable patches.fixes/reiserfs-fault-in-pages.patch (333412) - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids. Get the module to build... - patches.drivers/usb-add-usb_device_and_interface_info.pa tch: USB: add USB_DEVICE_AND_INTERFACE_INFO(). This is needed to get the HUAWEI devices to work properly, and to get patches.drivers/usb-update-evdo-driver-ids.patch to build without errors. - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids on request from our IT department (345438). - patches.suse/kdump-dump_after_notifier.patch: Add dump_after_notifier sysctl (265764). - patches.drivers/libata-sata_nv-disable-ADMA: sata_nv: disable ADMA by default (346508). - patches.fixes/cpufreq-fix-ondemand-deadlock.patch: Cpufreq fix ondemand deadlock (337439). - patches.fixes/eliminate-cpufreq_userspace-scaling_setspe ed-deadlock.patch: Eliminate cpufreq_userspace scaling_setspeed deadlock (337439). - patches.xen/15181-dma-tracking.patch: Fix issue preventing Xen KMPs from building. - patches.drivers/r8169-perform-a-PHY-reset-before.patch: r8169: perform a PHY reset before any other operation at boot time (345658). - patches.drivers/r8169-more-alignment-for-the-0x8168: refresh. - patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. (292478). There was a problem with this patch which would cause apparently random crashes when lockd was in use. The offending change has been removed. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/cifs-incomplete-recv.patch: fix incorrect session reconnects (279783). - patches.fixes/megaraid_mbox-dell-cerc-support: Fix so that it applies properly. I extended the context to 6 lines to help patch find where to apply the patch (267134). - patches.fixes/md-idle-test: md: improve the is_mddev_idle test fix (326591).
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30249
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30249
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4935)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0211.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32160
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32160
    title RHEL 3 : kernel (RHSA-2008:0211)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0211.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32139
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32139
    title CentOS 3 : kernel (CESA-2008:0211)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0211.NASL
    description From Red Hat Security Advisory 2008:0211 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67678
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67678
    title Oracle Linux 3 : kernel (ELSA-2008-0211)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0001.NASL
    description Updated kernel packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 running on 32-bit architectures. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the IPv4 forwarding base. This could allow a local, unprivileged user to cause a denial of service. (CVE-2007-2172, Important) * a flaw was found in the handling of process death signals. This allowed a local, unprivileged user to send arbitrary signals to the suid-process executed by that user. Successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local, unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a denial of service. (CVE-2008-0007, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local, unprivileged user to bypass intended capability restrictions. (CVE-2008-3525, Important) * a flaw was found in the way files were written using truncate() or ftruncate(). This could allow a local, unprivileged user to acquire the privileges of a different group and obtain access to sensitive information. (CVE-2008-4210, Important) * a race condition in the mincore system core allowed a local, unprivileged user to cause a denial of service. (CVE-2006-4814, Moderate) * a flaw was found in the aacraid SCSI driver. This allowed a local, unprivileged user to make ioctl calls to the driver which should otherwise be restricted to privileged users. (CVE-2007-4308, Moderate) * two buffer overflow flaws were found in the Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) * a flaw was found in the way core dump files were created. If a local, unprivileged user could make a root-owned process dump a core file into a user-writable directory, the user could gain read access to that core file, potentially compromising sensitive information. (CVE-2007-6206, Moderate) * a deficiency was found in the Linux kernel virtual file system (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) All users of Red Hat Enterprise Linux 2.1 on 32-bit architectures should upgrade to these updated packages which address these vulnerabilities. For this update to take effect, the system must be rebooted.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35323
    published 2009-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35323
    title RHEL 2.1 : kernel (RHSA-2009:0001)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0237.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important) * a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important) As well, these updated packages fix the following bugs : * multiple buffer overflows in the neofb driver have been resolved. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved. * a race condition in UNIX domain sockets may have caused 'recv()' to return zero. In clustered configurations, this may have caused unexpected failovers. * to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are scheduled immediately. * a client-side race on blocking locks caused large time delays on NFS file systems. * in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have caused infinite reboots. * running the 'service network restart' command may have caused networking to fail. * a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read. * on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files. * a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32162
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32162
    title RHEL 4 : kernel (RHSA-2008:0237)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080507_KERNEL_ON_SL3_X.NASL
    description These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) - the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) - when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) - a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) - a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) - a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) - a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) - it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : - a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. - in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. - on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60393
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60393
    title Scientific Linux Security Update : kernel on SL3.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080507_KERNEL_ON_SL5_X.NASL
    description These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) - a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) - the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) - when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) - the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) - it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : - on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. - multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. - when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. - on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. - repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. - a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. - when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60395
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60395
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1504.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-5823 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem. - CVE-2006-6054 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem. - CVE-2006-6058 LMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem. - CVE-2006-7203 OpenVZ Linux kernel team reported an issue in the smbfs filesystem which can be exploited by local users to cause a DoS (oops) during mount. - CVE-2007-1353 Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory. - CVE-2007-2172 Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update. - CVE-2007-2525 Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory. - CVE-2007-3105 The PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to effect default Debian installations where only root has sufficient privileges to exploit it. - CVE-2007-3739 Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. - CVE-2007-3740 Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. - CVE-2007-3848 Wojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries. - CVE-2007-4133 Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs. A misconversion of hugetlb_vmtruncate_list to prio_tree may allow local users to trigger a BUG_ON() call in exit_mmap. - CVE-2007-4308 Alan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges. - CVE-2007-4573 Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour. - CVE-2007-5093 Alex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf. - CVE-2007-6063 Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl handling, exploitable by a local user. - CVE-2007-6151 ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data. - CVE-2007-6206 Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) kernel-image-2.6.8-alpha 2.6.8-17sarge1 kernel-image-2.6.8-amd64 2.6.8-17sarge1 kernel-image-2.6.8-hppa 2.6.8-7sarge1 kernel-image-2.6.8-i386 2.6.8-17sarge1 kernel-image-2.6.8-ia64 2.6.8-15sarge1 kernel-image-2.6.8-m68k 2.6.8-5sarge1 kernel-image-2.6.8-s390 2.6.8-6sarge1 kernel-image-2.6.8-sparc 2.6.8-16sarge1 kernel-patch-powerpc-2.6.8 2.6.8-13sarge1 fai-kernels 1.9.1sarge8
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 31148
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31148
    title Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-4941.NASL
    description This kernel update fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). Furthermore, this kernel catches up to the SLE 10 state of the kernel, with massive additional fixes. All platforms : - patches.suse/bootsplash: Bootsplash for current kernel (none). patch the patch for Bug number 345980. - patches.fixes/megaraid-fixup-driver-version: Megaraid driver version out of sync (299740). - OCFS2: Updated to version 1.2.8 - patches.fixes/ocfs2-1.2-svn-r3070.diff: [PATCH] ocfs2: Remove overzealous BUG_ON(). - patches.fixes/ocfs2-1.2-svn-r3072.diff: [PATCH] ocfs2: fix rename vs unlink race. - patches.fixes/ocfs2-1.2-svn-r3074.diff: [PATCH] ocfs2: Remove expensive local alloc bitmap scan code. - patches.fixes/ocfs2-1.2-svn-r3057.diff: [PATCH] ocfs2: Check for cluster locking in ocfs2_readpage. - patches.fixes/ocfs2-1.2-svn-r2975.diff: ocfs2_dlm: make functions static. - patches.fixes/ocfs2-1.2-svn-r2976.diff: [PATCH] ocfs2_dlm: make tot_backoff more descriptive. - patches.fixes/ocfs2-1.2-svn-r3002.diff: [PATCH] ocfs2: Remove the printing of harmless ERRORS like ECONNRESET, EPIPE.. - patches.fixes/ocfs2-1.2-svn-r3004.diff: [PATCH] ocfs2_dlm: Call cond_resched_lock() once per hash bucket scan. - patches.fixes/ocfs2-1.2-svn-r3006.diff: [PATCH] ocfs2_dlm: Silence compiler warnings. - patches.fixes/ocfs2-1.2-svn-r3062.diff: [PATCH] ocfs2_dlm: Fix double increment of migrated lockres' owner count. - patches.fixes/hugetlb-get_user_pages-corruption.patch: hugetlb: follow_hugetlb_page() for write access (345239). - enable patches.fixes/reiserfs-fault-in-pages.patch (333412) - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids. Get the module to build... - patches.drivers/usb-add-usb_device_and_interface_info.patch: USB: add USB_DEVICE_AND_INTERFACE_INFO(). This is needed to get the HUAWEI devices to work properly, and to get patches.drivers/usb-update-evdo-driver-ids.patch to build without errors. - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids on request from our IT department (345438). - patches.suse/kdump-dump_after_notifier.patch: Add dump_after_notifier sysctl (265764). - patches.drivers/libata-sata_nv-disable-ADMA: sata_nv: disable ADMA by default (346508). - patches.fixes/cpufreq-fix-ondemand-deadlock.patch: Cpufreq fix ondemand deadlock (337439). - patches.fixes/eliminate-cpufreq_userspace-scaling_setspeed-d eadlock.patch: Eliminate cpufreq_userspace scaling_setspeed deadlock (337439). - patches.xen/15181-dma-tracking.patch: Fix issue preventing Xen KMPs from building. - patches.drivers/r8169-perform-a-PHY-reset-before.patch: r8169: perform a PHY reset before any other operation at boot time (345658). - patches.drivers/r8169-more-alignment-for-the-0x8168: refresh. - patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. (292478). There was a problem with this patch which would cause apparently random crashes when lockd was in use. The offending change has been removed. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/cifs-incomplete-recv.patch: fix incorrect session reconnects (279783). - patches.fixes/megaraid_mbox-dell-cerc-support: Fix so that it applies properly. I extended the context to 6 lines to help patch find where to apply the patch (267134). - patches.fixes/md-idle-test: md: improve the is_mddev_idle test fix (326591). AMD64/Intel EM64T (x86_64) specific : - patches.arch/x86_64-mce-loop: x86_64: fix misplaced `continue' in mce.c (344239).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 30143
    published 2008-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30143
    title openSUSE 10 Security Update : kernel (kernel-4941)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1503.NASL
    description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-2731 infamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code. - CVE-2006-4814 Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling. - CVE-2006-5753 Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad. - CVE-2006-5823 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem. - CVE-2006-6053 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem. - CVE-2006-6054 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem. - CVE-2006-6106 Marcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code. - CVE-2007-1353 Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory. - CVE-2007-1592 Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops). - CVE-2007-2172 Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update. - CVE-2007-2525 Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory. - CVE-2007-3848 Wojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries. - CVE-2007-4308 Alan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges. - CVE-2007-4311 PaX team discovered an issue in the random driver where a defect in the reseeding code leads to a reduction in entropy. - CVE-2007-5093 Alex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf. - CVE-2007-6063 Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl handling, exploitable by a local user. - CVE-2007-6151 ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data. - CVE-2007-6206 Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) alsa-modules-i386 1.0.8+2sarge2 kernel-image-2.4.27-arm 2.4.27-2sarge6 kernel-image-2.4.27-m68k 2.4.27-3sarge6 kernel-image-speakup-i386 2.4.27-1.1sarge5 kernel-image-2.4.27-alpha 2.4.27-10sarge6 kernel-image-2.4.27-s390 2.4.27-2sarge6 kernel-image-2.4.27-sparc 2.4.27-9sarge6 kernel-image-2.4.27-i386 2.4.27-10sarge6 kernel-image-2.4.27-ia64 2.4.27-10sarge6 kernel-patch-2.4.27-mips 2.4.27-10.sarge4.040815-3 kernel-patch-powerpc-2.4.27 2.4.27-10sarge6 kernel-latest-2.4-alpha 101sarge3 kernel-latest-2.4-i386 101sarge2 kernel-latest-2.4-s390 2.4.27-1sarge2 kernel-latest-2.4-sparc 42sarge3 i2c 1:2.9.1-1sarge2 lm-sensors 1:2.9.1-1sarge4 mindi-kernel 2.4.27-2sarge5 pcmcia-modules-2.4.27-i386 3.2.5+2sarge2 hostap-modules-i386 1:0.3.7-1sarge3 systemimager 3.2.3-6sarge5
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 31147
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31147
    title Debian DSA-1503-1 : kernel-source-2.4.27 - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0233.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. * repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. * a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. * when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43681
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43681
    title CentOS 5 : kernel (CESA-2008:0233)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-4938.NASL
    description This kernel update fixes the following security problems : - Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. (CVE-2008-0007) - Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. (CVE-2008-0001) - Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. (CVE-2007-5966) - The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). (CVE-2007-6417) Additionally the following bugfixes have been included for all platforms : - patches.suse/bootsplash: Bootsplash for current kernel (none). patch the patch for Bug 345980. - patches.fixes/megaraid-fixup-driver-version: Megaraid driver version out of sync (299740). - OCFS2: Updated to version 1.2.8 - patches.fixes/ocfs2-1.2-svn-r3070.diff: [PATCH] ocfs2: Remove overzealous BUG_ON(). - patches.fixes/ocfs2-1.2-svn-r3072.diff: [PATCH] ocfs2: fix rename vs unlink race. - patches.fixes/ocfs2-1.2-svn-r3074.diff: [PATCH] ocfs2: Remove expensive local alloc bitmap scan code. - patches.fixes/ocfs2-1.2-svn-r3057.diff: [PATCH] ocfs2: Check for cluster locking in ocfs2_readpage. - patches.fixes/ocfs2-1.2-svn-r2975.diff: ocfs2_dlm: make functions static. - patches.fixes/ocfs2-1.2-svn-r2976.diff: [PATCH] ocfs2_dlm: make tot_backoff more descriptive. - patches.fixes/ocfs2-1.2-svn-r3002.diff: [PATCH] ocfs2: Remove the printing of harmless ERRORS like ECONNRESET, EPIPE.. - patches.fixes/ocfs2-1.2-svn-r3004.diff: [PATCH] ocfs2_dlm: Call cond_resched_lock() once per hash bucket scan. - patches.fixes/ocfs2-1.2-svn-r3006.diff: [PATCH] ocfs2_dlm: Silence compiler warnings. - patches.fixes/ocfs2-1.2-svn-r3062.diff: [PATCH] ocfs2_dlm: Fix double increment of migrated lockres' owner count. - patches.fixes/hugetlb-get_user_pages-corruption.patch: hugetlb: follow_hugetlb_page() for write access (345239). - enable patches.fixes/reiserfs-fault-in-pages.patch (333412) - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids. Get the module to build... - patches.drivers/usb-add-usb_device_and_interface_info.pa tch: USB: add USB_DEVICE_AND_INTERFACE_INFO(). This is needed to get the HUAWEI devices to work properly, and to get patches.drivers/usb-update-evdo-driver-ids.patch to build without errors. - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids on request from our IT department (345438). - patches.suse/kdump-dump_after_notifier.patch: Add dump_after_notifier sysctl (265764). - patches.drivers/libata-sata_nv-disable-ADMA: sata_nv: disable ADMA by default (346508). - patches.fixes/cpufreq-fix-ondemand-deadlock.patch: Cpufreq fix ondemand deadlock (337439). - patches.fixes/eliminate-cpufreq_userspace-scaling_setspe ed-deadlock.patch: Eliminate cpufreq_userspace scaling_setspeed deadlock (337439). - patches.xen/15181-dma-tracking.patch: Fix issue preventing Xen KMPs from building. - patches.drivers/r8169-perform-a-PHY-reset-before.patch: r8169: perform a PHY reset before any other operation at boot time (345658). - patches.drivers/r8169-more-alignment-for-the-0x8168: refresh. - patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. (292478). There was a problem with this patch which would cause apparently random crashes when lockd was in use. The offending change has been removed. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/cifs-incomplete-recv.patch: fix incorrect session reconnects (279783). - patches.fixes/megaraid_mbox-dell-cerc-support: Fix so that it applies properly. I extended the context to 6 lines to help patch find where to apply the patch (267134). - patches.fixes/md-idle-test: md: improve the is_mddev_idle test fix (326591). Fixes for the AMD64/Intel EM64T (x86_64) platform : - patches.arch/x86_64-mce-loop: x86_64: fix misplaced `continue' in mce.c (344239).
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59126
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59126
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4938)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-4943.NASL
    description This kernel update brings the kernel to version 2.6.22.16 and fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). And the following bugs (numbers are https://bugzilla.novell.com/ references) : - patches.fixes/input-add-amilo-pro-v-to-nomux.patch: Add Fujitsu-Siemens Amilo Pro 2010 to nomux list (345699). - patches.arch/acpica-psd.patch: Changed resolution of named references in packages (https://bugzilla.novell.com/show_bug.cgi?id=346831). - patches.fixes/acpica_sizeof.patch: SizeOf operator ACPI interpreter fix (http://bugzilla.kernel.org/show_bug.cgi?id=9558). - patches.drivers/libata-sata_sis-fix-scr-access: sata_sis: fix SCR access (331610). - patches.drivers/libata-tape-fix: libata: backport tape support fixes (345438). - patches.arch/powernowk8_family_freq_from_fiddid.patch: To find the frequency given the fid and did is family dependent. (#332722). - patches.drivers/libata-force-cable-type: libata: implement libata.force_cbl parameter (337610). - patches.drivers/libata-sata_nv-disable-ADMA: sata_nv: disable ADMA by default (346508). - patches.fixes/via-velocity-dont-oops-on-mtu-change-1: [VIA_VELOCITY]: Don't oops on MTU change. (341537). - patches.fixes/via-velocity-dont-oops-on-mtu-change-2: via-velocity: don't oops on MTU change while down (341537). - patches.fixes/sony-laptop-call-sonypi_compat_init-earlier: s ony-laptop: call sonypi_compat_init earlier (343483). - Updated kABI symbols for 2.6.22.15 changes, and Xen x86_64 changes. - series.conf file cleanup: group together latency tracing patches. - Fix a memory leak and a panic in drivers/block/cciss.c patches.drivers/cciss-panic-in-blk_rq_map_sg: Panic in blk_rq_map_sg() from CCISS driver. - patches.drivers/cciss-fix_memory_leak : - Address missed-interrupt issues discovered upstream. - Update to 2.6.22.15 - fixes CVE-2007-5966 - lots of libata fixes, which cause the following to be removed : - patches.drivers/libata-add-NCQ-spurious-completion-horka ges - patches.drivers/libata-add-ST9120822AS-to-NCQ-blacklist - patches.drivers/libata-disable-NCQ-for-ST9160821AS-3.ALD - removed patches already in this release : - patches.fixes/i4l-avoid-copying-an-overly-long-string.pa tch : - patches.fixes/ramdisk-2.6.23-corruption_fix.diff - patches.fixes/microtek_hal.diff: Delete. - fixed previous poweroff regression from 2.6.22.10 - lots of other fixes and some new pci ids. - Thousands of changes in patches.rt/ for the kernel-rt* kernels. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/nfs-unmount-leak.patch: NFSv2/v3: Fix a memory leak when using -onolock (336253). - add xenfb-module-param patch to make Xen virtual frame buffer configurable in the guest domains, instead of a fixed resolution of 800x600. - patches.xen/xen3-aux-at_vector_size.patch: Also include x86-64 (310037). - patches.xen/xen3-patch-2.6.18: Fix system lockup (335121). - patches.fixes/acpi_autoload_baydock.patch: autloading of dock module (302482). Fixed a general bug with linux specific hids there. - patches.xen/xen3-patch-2.6.22.11-12: Linux 2.6.22.12. - patches.xen/xen3-fixup-arch-i386: Fix CONFIG_APM=m issue. - patches.xen/xen-x86-no-lapic: Re-diff.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30144
    published 2008-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30144
    title openSUSE 10 Security Update : kernel (kernel-4943)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0011.NASL
    description I Service Console rpm updates a. Security Update to Service Console Kernel This fix upgrades service console kernel version to 2.4.21-57.EL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL. b. Samba Security Update This fix upgrades the service console rpm samba to version 3.0.9-1.3E.15vmw The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1105 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40380
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40380
    title VMSA-2008-0011 : Updated ESX service console packages for Samba and vmnix
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0233.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. * repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. * a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. * when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32161
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32161
    title RHEL 5 : kernel (RHSA-2008:0233)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0233.NASL
    description From Red Hat Security Advisory 2008:0233 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. * repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. * a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. * when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67683
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67683
    title Oracle Linux 5 : kernel (ELSA-2008-0233)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-044.NASL
    description The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third-party information. (CVE-2007-5500) The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through 2.6.23.7 allowed remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference (CVE-2007-5501). The do_corefump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information (CVE-2007-6206). VFS in the Linux kernel before 2.6.22.16 performed tests of access mode by using the flag variable instead of the acc_mode variable, which could possibly allow local users to bypass intended permissions and remove directories (CVE-2008-0001). The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset (CVE-2008-0007). A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges (CVE-2008-0600). Mandriva urges all users to upgrade to these new kernels immediately as the CVE-2008-0600 flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected. Additionally, this kernel updates the version from 2.6.22.12 to 2.6.22.18 and fixes numerous other bugs, including : - fix freeze when ejecting a cm40x0 PCMCIA card - fix crash on unloading netrom - fixes alsa-related sound issues on Dell XPS M1210 and M1330 models - the HZ value was increased on the laptop kernel to increase interactivity and reduce latency - netfilter ipset, psd, and ifwlog support was re-enabled - unionfs was reverted to a working 1.4 branch that is less buggy To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36924
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36924
    title Mandriva Linux Security Advisory : kernel (MDVSA-2008:044)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080507_KERNEL_ON_SL4_X.NASL
    description These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) - on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important) - the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) - when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) - the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important) - a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important) As well, these updated packages fix the following bugs : - multiple buffer overflows in the neofb driver have been resolved. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. - a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved. - a race condition in UNIX domain sockets may have caused 'recv()' to return zero. In clustered configurations, this may have caused unexpected failovers. - to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are scheduled immediately. - a client-side race on blocking locks caused large time delays on NFS file systems. - in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have caused infinite reboots. - running the 'service network restart' command may have caused networking to fail. - a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read. - on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files. - a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60394
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60394
    title Scientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0237.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important) * a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important) As well, these updated packages fix the following bugs : * multiple buffer overflows in the neofb driver have been resolved. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved. * a race condition in UNIX domain sockets may have caused 'recv()' to return zero. In clustered configurations, this may have caused unexpected failovers. * to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are scheduled immediately. * a client-side race on blocking locks caused large time delays on NFS file systems. * in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have caused infinite reboots. * running the 'service network restart' command may have caused networking to fail. * a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read. * on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files. * a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43682
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43682
    title CentOS 4 : kernel (CESA-2008:0237)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0237.NASL
    description From Red Hat Security Advisory 2008:0237 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important) * a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important) As well, these updated packages fix the following bugs : * multiple buffer overflows in the neofb driver have been resolved. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved. * a race condition in UNIX domain sockets may have caused 'recv()' to return zero. In clustered configurations, this may have caused unexpected failovers. * to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are scheduled immediately. * a client-side race on blocking locks caused large time delays on NFS file systems. * in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have caused infinite reboots. * running the 'service network restart' command may have caused networking to fail. * a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read. * on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files. * a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67685
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67685
    title Oracle Linux 4 : kernel (ELSA-2008-0237)
oval via4
accepted 2013-04-29T04:19:14.843-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
family unix
id oval:org.mitre.oval:def:9412
status accepted
submitted 2010-07-09T03:56:16-04:00
title Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0211
  • rhsa
    id RHSA-2008:0233
  • rhsa
    id RHSA-2008:0237
  • rhsa
    id RHSA-2008:0787
rpms
  • kernel-0:2.4.21-57.EL
  • kernel-BOOT-0:2.4.21-57.EL
  • kernel-doc-0:2.4.21-57.EL
  • kernel-hugemem-0:2.4.21-57.EL
  • kernel-hugemem-unsupported-0:2.4.21-57.EL
  • kernel-smp-0:2.4.21-57.EL
  • kernel-smp-unsupported-0:2.4.21-57.EL
  • kernel-source-0:2.4.21-57.EL
  • kernel-unsupported-0:2.4.21-57.EL
  • kernel-0:2.6.18-53.1.19.el5
  • kernel-PAE-0:2.6.18-53.1.19.el5
  • kernel-PAE-devel-0:2.6.18-53.1.19.el5
  • kernel-debug-0:2.6.18-53.1.19.el5
  • kernel-debug-devel-0:2.6.18-53.1.19.el5
  • kernel-devel-0:2.6.18-53.1.19.el5
  • kernel-doc-0:2.6.18-53.1.19.el5
  • kernel-headers-0:2.6.18-53.1.19.el5
  • kernel-kdump-0:2.6.18-53.1.19.el5
  • kernel-kdump-devel-0:2.6.18-53.1.19.el5
  • kernel-xen-0:2.6.18-53.1.19.el5
  • kernel-xen-devel-0:2.6.18-53.1.19.el5
  • kernel-0:2.6.9-67.0.15.EL
  • kernel-devel-0:2.6.9-67.0.15.EL
  • kernel-doc-0:2.6.9-67.0.15.EL
  • kernel-hugemem-0:2.6.9-67.0.15.EL
  • kernel-hugemem-devel-0:2.6.9-67.0.15.EL
  • kernel-largesmp-0:2.6.9-67.0.15.EL
  • kernel-largesmp-devel-0:2.6.9-67.0.15.EL
  • kernel-smp-0:2.6.9-67.0.15.EL
  • kernel-smp-devel-0:2.6.9-67.0.15.EL
  • kernel-xenU-0:2.6.9-67.0.15.EL
  • kernel-xenU-devel-0:2.6.9-67.0.15.EL
refmap via4
bid
  • 27686
  • 27705
bugtraq 20080208 rPSA-2008-0048-1 kernel
confirm
debian
  • DSA-1503
  • DSA-1504
  • DSA-1565
mandriva
  • MDVSA-2008:044
  • MDVSA-2008:072
  • MDVSA-2008:112
  • MDVSA-2008:174
mlist
  • [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
  • [linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
sectrack 1019357
secunia
  • 28806
  • 28826
  • 29058
  • 29570
  • 30018
  • 30110
  • 30112
  • 30116
  • 30769
  • 31246
  • 33280
suse
  • SUSE-SA:2008:006
  • SUSE-SA:2008:017
ubuntu USN-618-1
vupen
  • ADV-2008-0445
  • ADV-2008-2222
Last major update 07-03-2011 - 22:03
Published 07-02-2008 - 21:00
Last modified 15-10-2018 - 17:56
Back to Top