ID CVE-2008-2812
Summary The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
Vulnerable Configurations
  • Linux Kernel 1.2
    cpe:2.3:o:linux:linux_kernel:1.2.0
  • Linux Kernel 1.3
    cpe:2.3:o:linux:linux_kernel:1.3.0
  • cpe:2.3:o:linux:linux_kernel:2.0
    cpe:2.3:o:linux:linux_kernel:2.0
  • Linux Kernel 2.0.1
    cpe:2.3:o:linux:linux_kernel:2.0.1
  • Linux Kernel 2.0.2
    cpe:2.3:o:linux:linux_kernel:2.0.2
  • Linux Kernel 2.0.3
    cpe:2.3:o:linux:linux_kernel:2.0.3
  • Linux Kernel 2.0.4
    cpe:2.3:o:linux:linux_kernel:2.0.4
  • Linux Kernel 2.0.5
    cpe:2.3:o:linux:linux_kernel:2.0.5
  • Linux Kernel 2.0.6
    cpe:2.3:o:linux:linux_kernel:2.0.6
  • Linux Kernel 2.0.7
    cpe:2.3:o:linux:linux_kernel:2.0.7
  • Linux Kernel 2.0.8
    cpe:2.3:o:linux:linux_kernel:2.0.8
  • Linux Kernel 2.0.9
    cpe:2.3:o:linux:linux_kernel:2.0.9
  • cpe:2.3:o:linux:linux_kernel:2.0.9.9
    cpe:2.3:o:linux:linux_kernel:2.0.9.9
  • Linux Kernel 2.0.10
    cpe:2.3:o:linux:linux_kernel:2.0.10
  • Linux Kernel 2.0.11
    cpe:2.3:o:linux:linux_kernel:2.0.11
  • Linux Kernel 2.0.12
    cpe:2.3:o:linux:linux_kernel:2.0.12
  • Linux Kernel 2.0.13
    cpe:2.3:o:linux:linux_kernel:2.0.13
  • Linux Kernel 2.0.14
    cpe:2.3:o:linux:linux_kernel:2.0.14
  • Linux Kernel 2.0.15
    cpe:2.3:o:linux:linux_kernel:2.0.15
  • Linux Kernel 2.0.16
    cpe:2.3:o:linux:linux_kernel:2.0.16
  • Linux Kernel 2.0.17
    cpe:2.3:o:linux:linux_kernel:2.0.17
  • Linux Kernel 2.0.18
    cpe:2.3:o:linux:linux_kernel:2.0.18
  • Linux Kernel 2.0.19
    cpe:2.3:o:linux:linux_kernel:2.0.19
  • Linux Kernel 2.0.20
    cpe:2.3:o:linux:linux_kernel:2.0.20
  • Linux Kernel 2.0.21
    cpe:2.3:o:linux:linux_kernel:2.0.21
  • Linux Kernel 2.0.22
    cpe:2.3:o:linux:linux_kernel:2.0.22
  • Linux Kernel 2.0.23
    cpe:2.3:o:linux:linux_kernel:2.0.23
  • Linux Kernel 2.0.24
    cpe:2.3:o:linux:linux_kernel:2.0.24
  • Linux Kernel 2.0.25
    cpe:2.3:o:linux:linux_kernel:2.0.25
  • Linux Kernel 2.0.26
    cpe:2.3:o:linux:linux_kernel:2.0.26
  • Linux Kernel 2.0.27
    cpe:2.3:o:linux:linux_kernel:2.0.27
  • Linux Kernel 2.0.28
    cpe:2.3:o:linux:linux_kernel:2.0.28
  • Linux Kernel 2.0.29
    cpe:2.3:o:linux:linux_kernel:2.0.29
  • Linux Kernel 2.0.30
    cpe:2.3:o:linux:linux_kernel:2.0.30
  • Linux Kernel 2.0.31
    cpe:2.3:o:linux:linux_kernel:2.0.31
  • Linux Kernel 2.0.32
    cpe:2.3:o:linux:linux_kernel:2.0.32
  • Linux Kernel 2.0.33
    cpe:2.3:o:linux:linux_kernel:2.0.33
  • Linux Kernel 2.0.34
    cpe:2.3:o:linux:linux_kernel:2.0.34
  • Linux Kernel 2.0.35
    cpe:2.3:o:linux:linux_kernel:2.0.35
  • Linux Kernel 2.0.36
    cpe:2.3:o:linux:linux_kernel:2.0.36
  • Linux Kernel 2.0.37
    cpe:2.3:o:linux:linux_kernel:2.0.37
  • Linux Kernel 2.0.38
    cpe:2.3:o:linux:linux_kernel:2.0.38
  • Linux Kernel 2.0.39
    cpe:2.3:o:linux:linux_kernel:2.0.39
  • cpe:2.3:o:linux:linux_kernel:2.1
    cpe:2.3:o:linux:linux_kernel:2.1
  • Linux Kernel 2.1.89
    cpe:2.3:o:linux:linux_kernel:2.1.89
  • Linux Kernel 2.1.132
    cpe:2.3:o:linux:linux_kernel:2.1.132
  • Linux Kernel 2.2
    cpe:2.3:o:linux:linux_kernel:2.2.0
  • Linux Kernel 2.2.1
    cpe:2.3:o:linux:linux_kernel:2.2.1
  • Linux Kernel 2.2.2
    cpe:2.3:o:linux:linux_kernel:2.2.2
  • Linux Kernel 2.2.3
    cpe:2.3:o:linux:linux_kernel:2.2.3
  • Linux Kernel 2.2.4
    cpe:2.3:o:linux:linux_kernel:2.2.4
  • Linux Kernel 2.2.4 rc1
    cpe:2.3:o:linux:linux_kernel:2.2.4:rc1
  • Linux Kernel 2.2.5
    cpe:2.3:o:linux:linux_kernel:2.2.5
  • Linux Kernel 2.2.6
    cpe:2.3:o:linux:linux_kernel:2.2.6
  • Linux Kernel 2.2.7
    cpe:2.3:o:linux:linux_kernel:2.2.7
  • Linux Kernel 2.2.8
    cpe:2.3:o:linux:linux_kernel:2.2.8
  • Linux Kernel 2.2.9
    cpe:2.3:o:linux:linux_kernel:2.2.9
  • Linux Kernel 2.2.10
    cpe:2.3:o:linux:linux_kernel:2.2.10
  • Linux Kernel 2.2.11
    cpe:2.3:o:linux:linux_kernel:2.2.11
  • Linux Kernel 2.2.12
    cpe:2.3:o:linux:linux_kernel:2.2.12
  • Linux Kernel 2.2.13
    cpe:2.3:o:linux:linux_kernel:2.2.13
  • Linux Kernel 2.2.13 pre15
    cpe:2.3:o:linux:linux_kernel:2.2.13:pre15
  • Linux Kernel 2.2.14
    cpe:2.3:o:linux:linux_kernel:2.2.14
  • Linux Kernel 2.2.15
    cpe:2.3:o:linux:linux_kernel:2.2.15
  • Linux Kernel 2.2.15 pre16
    cpe:2.3:o:linux:linux_kernel:2.2.15:pre16
  • cpe:2.3:o:linux:linux_kernel:2.2.15_pre20
    cpe:2.3:o:linux:linux_kernel:2.2.15_pre20
  • Linux Kernel 2.2.16
    cpe:2.3:o:linux:linux_kernel:2.2.16
  • Linux Kernel 2.2.16 pre5
    cpe:2.3:o:linux:linux_kernel:2.2.16:pre5
  • Linux Kernel 2.2.16 pre6
    cpe:2.3:o:linux:linux_kernel:2.2.16:pre6
  • Linux Kernel 2.2.17
    cpe:2.3:o:linux:linux_kernel:2.2.17
  • Linux Kernel 2.2.17.14
    cpe:2.3:o:linux:linux_kernel:2.2.17:pre14
  • Linux Kernel 2.2.18
    cpe:2.3:o:linux:linux_kernel:2.2.18
  • Linux Kernel 2.2.19
    cpe:2.3:o:linux:linux_kernel:2.2.19
  • Linux Kernel 2.2.20
    cpe:2.3:o:linux:linux_kernel:2.2.20
  • Linux Kernel 2.2.21
    cpe:2.3:o:linux:linux_kernel:2.2.21
  • Linux Kernel 2.2.21 pre1
    cpe:2.3:o:linux:linux_kernel:2.2.21:pre1
  • Linux Kernel 2.2.21 pre2
    cpe:2.3:o:linux:linux_kernel:2.2.21:pre2
  • Linux Kernel 2.2.21 pre3
    cpe:2.3:o:linux:linux_kernel:2.2.21:pre3
  • Linux Kernel 2.2.21 pre4
    cpe:2.3:o:linux:linux_kernel:2.2.21:pre4
  • Linux Kernel 2.2.21 rc1
    cpe:2.3:o:linux:linux_kernel:2.2.21:rc1
  • Linux Kernel 2.2.21 rc2
    cpe:2.3:o:linux:linux_kernel:2.2.21:rc2
  • Linux Kernel 2.2.21 rc3
    cpe:2.3:o:linux:linux_kernel:2.2.21:rc3
  • Linux Kernel 2.2.21 rc4
    cpe:2.3:o:linux:linux_kernel:2.2.21:rc4
  • Linux Kernel 2.2.22
    cpe:2.3:o:linux:linux_kernel:2.2.22
  • Linux Kernel 2.2.22 rc1
    cpe:2.3:o:linux:linux_kernel:2.2.22:rc1
  • Linux Kernel 2.2.22 rc2
    cpe:2.3:o:linux:linux_kernel:2.2.22:rc2
  • Linux Kernel 2.2.22 rc3
    cpe:2.3:o:linux:linux_kernel:2.2.22:rc3
  • Linux Kernel 2.2.23
    cpe:2.3:o:linux:linux_kernel:2.2.23
  • Linux Kernel 2.2.23 rc1
    cpe:2.3:o:linux:linux_kernel:2.2.23:rc1
  • Linux Kernel 2.2.23 rc2
    cpe:2.3:o:linux:linux_kernel:2.2.23:rc2
  • Linux Kernel 2.2.24
    cpe:2.3:o:linux:linux_kernel:2.2.24
  • Linux Kernel 2.2.24 rc2
    cpe:2.3:o:linux:linux_kernel:2.2.24:rc2
  • Linux Kernel 2.2.24 rc3
    cpe:2.3:o:linux:linux_kernel:2.2.24:rc3
  • Linux Kernel 2.2.24 rc4
    cpe:2.3:o:linux:linux_kernel:2.2.24:rc4
  • Linux Kernel 2.2.24 rc5
    cpe:2.3:o:linux:linux_kernel:2.2.24:rc5
  • Linux Kernel 2.2.25
    cpe:2.3:o:linux:linux_kernel:2.2.25
  • Linux Kernel 2.2.26
    cpe:2.3:o:linux:linux_kernel:2.2.26
  • Linux Kernel 2.2.27 pre1
    cpe:2.3:o:linux:linux_kernel:2.2.27:pre1
  • Linux Kernel 2.2.27 pre2
    cpe:2.3:o:linux:linux_kernel:2.2.27:pre2
  • Linux Kernel 2.2.27 rc1
    cpe:2.3:o:linux:linux_kernel:2.2.27:rc1
  • Linux Kernel 2.2.27 rc2
    cpe:2.3:o:linux:linux_kernel:2.2.27:rc2
  • Linux Kernel 2.3
    cpe:2.3:o:linux:linux_kernel:2.3.0
  • Linux Kernel 2.3.1
    cpe:2.3:o:linux:linux_kernel:2.3.1
  • Linux Kernel 2.3.2
    cpe:2.3:o:linux:linux_kernel:2.3.2
  • Linux Kernel 2.3.3
    cpe:2.3:o:linux:linux_kernel:2.3.3
  • Linux Kernel 2.3.4
    cpe:2.3:o:linux:linux_kernel:2.3.4
  • Linux Kernel 2.3.5
    cpe:2.3:o:linux:linux_kernel:2.3.5
  • Linux Kernel 2.3.6
    cpe:2.3:o:linux:linux_kernel:2.3.6
  • Linux Kernel 2.3.7
    cpe:2.3:o:linux:linux_kernel:2.3.7
  • Linux Kernel 2.3.8
    cpe:2.3:o:linux:linux_kernel:2.3.8
  • Linux Kernel 2.3.9
    cpe:2.3:o:linux:linux_kernel:2.3.9
  • Linux Kernel 2.3.10
    cpe:2.3:o:linux:linux_kernel:2.3.10
  • Linux Kernel 2.3.11
    cpe:2.3:o:linux:linux_kernel:2.3.11
  • Linux Kernel 2.3.12
    cpe:2.3:o:linux:linux_kernel:2.3.12
  • Linux Kernel 2.3.13
    cpe:2.3:o:linux:linux_kernel:2.3.13
  • Linux Kernel 2.3.14
    cpe:2.3:o:linux:linux_kernel:2.3.14
  • Linux Kernel 2.3.15
    cpe:2.3:o:linux:linux_kernel:2.3.15
  • Linux Kernel 2.3.16
    cpe:2.3:o:linux:linux_kernel:2.3.16
  • Linux Kernel 2.3.17
    cpe:2.3:o:linux:linux_kernel:2.3.17
  • Linux Kernel 2.3.18
    cpe:2.3:o:linux:linux_kernel:2.3.18
  • Linux Kernel 2.3.19
    cpe:2.3:o:linux:linux_kernel:2.3.19
  • Linux Kernel 2.3.20
    cpe:2.3:o:linux:linux_kernel:2.3.20
  • Linux Kernel 2.3.21
    cpe:2.3:o:linux:linux_kernel:2.3.21
  • Linux Kernel 2.3.22
    cpe:2.3:o:linux:linux_kernel:2.3.22
  • Linux Kernel 2.3.23
    cpe:2.3:o:linux:linux_kernel:2.3.23
  • Linux Kernel 2.3.24
    cpe:2.3:o:linux:linux_kernel:2.3.24
  • Linux Kernel 2.3.25
    cpe:2.3:o:linux:linux_kernel:2.3.25
  • Linux Kernel 2.3.26
    cpe:2.3:o:linux:linux_kernel:2.3.26
  • Linux Kernel 2.3.27
    cpe:2.3:o:linux:linux_kernel:2.3.27
  • Linux Kernel 2.3.28
    cpe:2.3:o:linux:linux_kernel:2.3.28
  • Linux Kernel 2.3.29
    cpe:2.3:o:linux:linux_kernel:2.3.29
  • Linux Kernel 2.3.30
    cpe:2.3:o:linux:linux_kernel:2.3.30
  • Linux Kernel 2.3.31
    cpe:2.3:o:linux:linux_kernel:2.3.31
  • Linux Kernel 2.3.32
    cpe:2.3:o:linux:linux_kernel:2.3.32
  • Linux Kernel 2.3.33
    cpe:2.3:o:linux:linux_kernel:2.3.33
  • Linux Kernel 2.3.34
    cpe:2.3:o:linux:linux_kernel:2.3.34
  • Linux Kernel 2.3.35
    cpe:2.3:o:linux:linux_kernel:2.3.35
  • Linux Kernel 2.3.36
    cpe:2.3:o:linux:linux_kernel:2.3.36
  • Linux Kernel 2.3.37
    cpe:2.3:o:linux:linux_kernel:2.3.37
  • Linux Kernel 2.3.38
    cpe:2.3:o:linux:linux_kernel:2.3.38
  • Linux Kernel 2.3.39
    cpe:2.3:o:linux:linux_kernel:2.3.39
  • Linux Kernel 2.3.40
    cpe:2.3:o:linux:linux_kernel:2.3.40
  • Linux Kernel 2.3.41
    cpe:2.3:o:linux:linux_kernel:2.3.41
  • Linux Kernel 2.3.42
    cpe:2.3:o:linux:linux_kernel:2.3.42
  • Linux Kernel 2.3.43
    cpe:2.3:o:linux:linux_kernel:2.3.43
  • Linux Kernel 2.3.44
    cpe:2.3:o:linux:linux_kernel:2.3.44
  • Linux Kernel 2.3.45
    cpe:2.3:o:linux:linux_kernel:2.3.45
  • Linux Kernel 2.3.46
    cpe:2.3:o:linux:linux_kernel:2.3.46
  • Linux Kernel 2.3.47
    cpe:2.3:o:linux:linux_kernel:2.3.47
  • Linux Kernel 2.3.48
    cpe:2.3:o:linux:linux_kernel:2.3.48
  • Linux Kernel 2.3.49
    cpe:2.3:o:linux:linux_kernel:2.3.49
  • Linux Kernel 2.3.50
    cpe:2.3:o:linux:linux_kernel:2.3.50
  • Linux Kernel 2.3.51
    cpe:2.3:o:linux:linux_kernel:2.3.51
  • Linux Kernel 2.3.99
    cpe:2.3:o:linux:linux_kernel:2.3.99
  • Linux Kernel 2.3.99 pre1
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre1
  • Linux Kernel 2.3.99 pre2
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre2
  • Linux Kernel 2.3.99 pre3
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre3
  • Linux Kernel 2.3.99 pre4
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre4
  • Linux Kernel 2.3.99 pre5
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre5
  • Linux Kernel 2.3.99 pre6
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre6
  • Linux Kernel 2.3.99 pre7
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre7
  • Linux Kernel 2.3.99 pre8
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre8
  • Linux Kernel 2.3.99 pre9
    cpe:2.3:o:linux:linux_kernel:2.3.99:pre9
  • Linux Kernel 2.4.0
    cpe:2.3:o:linux:linux_kernel:2.4.0
  • Linux Kernel 2.4.0 test1
    cpe:2.3:o:linux:linux_kernel:2.4.0:test1
  • Linux Kernel 2.4.0 test10
    cpe:2.3:o:linux:linux_kernel:2.4.0:test10
  • Linux Kernel 2.4.0 test11
    cpe:2.3:o:linux:linux_kernel:2.4.0:test11
  • Linux Kernel 2.4.0 test12
    cpe:2.3:o:linux:linux_kernel:2.4.0:test12
  • Linux Kernel 2.4.0 test2
    cpe:2.3:o:linux:linux_kernel:2.4.0:test2
  • Linux Kernel 2.4.0 test3
    cpe:2.3:o:linux:linux_kernel:2.4.0:test3
  • Linux Kernel 2.4.0 test4
    cpe:2.3:o:linux:linux_kernel:2.4.0:test4
  • Linux Kernel 2.4.0 test5
    cpe:2.3:o:linux:linux_kernel:2.4.0:test5
  • Linux Kernel 2.4.0 test6
    cpe:2.3:o:linux:linux_kernel:2.4.0:test6
  • Linux Kernel 2.4.0 test7
    cpe:2.3:o:linux:linux_kernel:2.4.0:test7
  • Linux Kernel 2.4.0 test8
    cpe:2.3:o:linux:linux_kernel:2.4.0:test8
  • Linux Kernel 2.4.0 test9
    cpe:2.3:o:linux:linux_kernel:2.4.0:test9
  • Linux Kernel 2.4.1
    cpe:2.3:o:linux:linux_kernel:2.4.1
  • Linux Kernel 2.4.2
    cpe:2.3:o:linux:linux_kernel:2.4.2
  • Linux Kernel 2.4.3
    cpe:2.3:o:linux:linux_kernel:2.4.3
  • Linux Kernel 2.4.3 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.3:pre3
  • Linux Kernel 2.4.4
    cpe:2.3:o:linux:linux_kernel:2.4.4
  • Linux Kernel 2.4.5
    cpe:2.3:o:linux:linux_kernel:2.4.5
  • Linux Kernel 2.4.6
    cpe:2.3:o:linux:linux_kernel:2.4.6
  • Linux Kernel 2.4.7
    cpe:2.3:o:linux:linux_kernel:2.4.7
  • Linux Kernel 2.4.8
    cpe:2.3:o:linux:linux_kernel:2.4.8
  • Linux Kernel 2.4.9
    cpe:2.3:o:linux:linux_kernel:2.4.9
  • cpe:2.3:o:linux:linux_kernel:2.4.9_pre5
    cpe:2.3:o:linux:linux_kernel:2.4.9_pre5
  • Linux Kernel 2.4.10
    cpe:2.3:o:linux:linux_kernel:2.4.10
  • Linux Kernel 2.4.11
    cpe:2.3:o:linux:linux_kernel:2.4.11
  • Linux Kernel 2.4.11 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.11:pre3
  • Linux Kernel 2.4.12
    cpe:2.3:o:linux:linux_kernel:2.4.12
  • Linux Kernel 2.4.13
    cpe:2.3:o:linux:linux_kernel:2.4.13
  • Linux Kernel 2.4.14
    cpe:2.3:o:linux:linux_kernel:2.4.14
  • Linux Kernel 2.4.15
    cpe:2.3:o:linux:linux_kernel:2.4.15
  • Linux Kernel 2.4.16
    cpe:2.3:o:linux:linux_kernel:2.4.16
  • Linux Kernel 2.4.17
    cpe:2.3:o:linux:linux_kernel:2.4.17
  • Linux Kernel 2.4.18
    cpe:2.3:o:linux:linux_kernel:2.4.18
  • Linux Kernel 2.4.18 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre1
  • Linux Kernel 2.4.18 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre2
  • Linux Kernel 2.4.18 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre3
  • Linux Kernel 2.4.18 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre4
  • Linux Kernel 2.4.18 pre5
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre5
  • Linux Kernel 2.4.18 pre6
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre6
  • Linux Kernel 2.4.18 pre7
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre7
  • Linux Kernel 2.4.18 pre8
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre8
  • Linux Kernel 2.4.18 pre9
    cpe:2.3:o:linux:linux_kernel:2.4.18:pre9
  • Linux Kernel 2.4.19
    cpe:2.3:o:linux:linux_kernel:2.4.19
  • Linux Kernel 2.4.19 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre1
  • Linux Kernel 2.4.19 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre2
  • Linux Kernel 2.4.19 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre3
  • Linux Kernel 2.4.19 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre4
  • Linux Kernel 2.4.19 pre5
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre5
  • Linux Kernel 2.4.19 pre6
    cpe:2.3:o:linux:linux_kernel:2.4.19:pre6
  • Linux Kernel 2.4.20
    cpe:2.3:o:linux:linux_kernel:2.4.20
  • Linux Kernel 2.4.21
    cpe:2.3:o:linux:linux_kernel:2.4.21
  • Linux Kernel 2.4.21 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.21:pre1
  • Linux Kernel 2.4.21 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.21:pre4
  • Linux Kernel 2.4.21 pre7
    cpe:2.3:o:linux:linux_kernel:2.4.21:pre7
  • Linux Kernel 2.4.22
    cpe:2.3:o:linux:linux_kernel:2.4.22
  • Linux Kernel 2.4.22 pre10
    cpe:2.3:o:linux:linux_kernel:2.4.22:pre10
  • Linux Kernel 2.4.23
    cpe:2.3:o:linux:linux_kernel:2.4.23
  • Linux Kernel 2.4.23 pre9
    cpe:2.3:o:linux:linux_kernel:2.4.23:pre9
  • cpe:2.3:o:linux:linux_kernel:2.4.23_ow2
    cpe:2.3:o:linux:linux_kernel:2.4.23_ow2
  • Linux Kernel 2.4.24
    cpe:2.3:o:linux:linux_kernel:2.4.24
  • cpe:2.3:o:linux:linux_kernel:2.4.24_ow1
    cpe:2.3:o:linux:linux_kernel:2.4.24_ow1
  • Linux Kernel 2.4.25
    cpe:2.3:o:linux:linux_kernel:2.4.25
  • Linux Kernel 2.4.26
    cpe:2.3:o:linux:linux_kernel:2.4.26
  • Linux Kernel 2.4.27
    cpe:2.3:o:linux:linux_kernel:2.4.27
  • Linux Kernel 2.4.27 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre1
  • Linux Kernel 2.4.27 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre2
  • Linux Kernel 2.4.27 pre3
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre3
  • Linux Kernel 2.4.27 pre4
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre4
  • Linux Kernel 2.4.27 pre5
    cpe:2.3:o:linux:linux_kernel:2.4.27:pre5
  • Linux Kernel 2.4.28
    cpe:2.3:o:linux:linux_kernel:2.4.28
  • Linux Kernel 2.4.29
    cpe:2.3:o:linux:linux_kernel:2.4.29
  • Linux Kernel 2.4.29 rc1
    cpe:2.3:o:linux:linux_kernel:2.4.29:rc1
  • Linux Kernel 2.4.29 rc2
    cpe:2.3:o:linux:linux_kernel:2.4.29:rc2
  • Linux Kernel 2.4.30
    cpe:2.3:o:linux:linux_kernel:2.4.30
  • Linux Kernel 2.4.30 rc2
    cpe:2.3:o:linux:linux_kernel:2.4.30:rc2
  • Linux Kernel 2.4.30 rc3
    cpe:2.3:o:linux:linux_kernel:2.4.30:rc3
  • Linux Kernel 2.4.31
    cpe:2.3:o:linux:linux_kernel:2.4.31
  • Linux Kernel 2.4.31 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.31:pre1
  • Linux Kernel 2.4.32
    cpe:2.3:o:linux:linux_kernel:2.4.32
  • Linux Kernel 2.4.32 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.32:pre1
  • Linux Kernel 2.4.32 pre2
    cpe:2.3:o:linux:linux_kernel:2.4.32:pre2
  • Linux Kernel 2.4.33
    cpe:2.3:o:linux:linux_kernel:2.4.33
  • Linux Kernel 2.4.33 pre1
    cpe:2.3:o:linux:linux_kernel:2.4.33:pre1
  • Linux Kernel 2.4.33.2
    cpe:2.3:o:linux:linux_kernel:2.4.33.2
  • Linux Kernel 2.4.33.3
    cpe:2.3:o:linux:linux_kernel:2.4.33.3
  • Linux Kernel 2.4.33.4
    cpe:2.3:o:linux:linux_kernel:2.4.33.4
  • Linux Kernel 2.4.33.5
    cpe:2.3:o:linux:linux_kernel:2.4.33.5
  • Linux Kernel 2.4.34
    cpe:2.3:o:linux:linux_kernel:2.4.34
  • Linux Kernel 2.4.34 rc3
    cpe:2.3:o:linux:linux_kernel:2.4.34:rc3
  • Linux Kernel 2.4.34.1
    cpe:2.3:o:linux:linux_kernel:2.4.34.1
  • Linux Kernel 2.4.34.2
    cpe:2.3:o:linux:linux_kernel:2.4.34.2
  • Linux Kernel 2.4.35
    cpe:2.3:o:linux:linux_kernel:2.4.35
  • Linux Kernel 2.4.35.2
    cpe:2.3:o:linux:linux_kernel:2.4.35.2
  • cpe:2.3:o:linux:linux_kernel:2.4.36
    cpe:2.3:o:linux:linux_kernel:2.4.36
  • cpe:2.3:o:linux:linux_kernel:2.4.36.1
    cpe:2.3:o:linux:linux_kernel:2.4.36.1
  • cpe:2.3:o:linux:linux_kernel:2.4.36.2
    cpe:2.3:o:linux:linux_kernel:2.4.36.2
  • cpe:2.3:o:linux:linux_kernel:2.4.36.3
    cpe:2.3:o:linux:linux_kernel:2.4.36.3
  • cpe:2.3:o:linux:linux_kernel:2.4.36.4
    cpe:2.3:o:linux:linux_kernel:2.4.36.4
  • cpe:2.3:o:linux:linux_kernel:2.4.36.5
    cpe:2.3:o:linux:linux_kernel:2.4.36.5
  • Linux Kernel 2.5.0
    cpe:2.3:o:linux:linux_kernel:2.5.0
  • Linux Kernel 2.5.1
    cpe:2.3:o:linux:linux_kernel:2.5.1
  • Linux Kernel 2.5.2
    cpe:2.3:o:linux:linux_kernel:2.5.2
  • Linux Kernel 2.5.3
    cpe:2.3:o:linux:linux_kernel:2.5.3
  • Linux Kernel 2.5.4
    cpe:2.3:o:linux:linux_kernel:2.5.4
  • Linux Kernel 2.5.5
    cpe:2.3:o:linux:linux_kernel:2.5.5
  • Linux Kernel 2.5.6
    cpe:2.3:o:linux:linux_kernel:2.5.6
  • Linux Kernel 2.5.7
    cpe:2.3:o:linux:linux_kernel:2.5.7
  • Linux Kernel 2.5.8
    cpe:2.3:o:linux:linux_kernel:2.5.8
  • Linux Kernel 2.5.9
    cpe:2.3:o:linux:linux_kernel:2.5.9
  • Linux Kernel 2.5.10
    cpe:2.3:o:linux:linux_kernel:2.5.10
  • Linux Kernel 2.5.11
    cpe:2.3:o:linux:linux_kernel:2.5.11
  • Linux Kernel 2.5.12
    cpe:2.3:o:linux:linux_kernel:2.5.12
  • Linux Kernel 2.5.13
    cpe:2.3:o:linux:linux_kernel:2.5.13
  • Linux Kernel 2.5.14
    cpe:2.3:o:linux:linux_kernel:2.5.14
  • Linux Kernel 2.5.15
    cpe:2.3:o:linux:linux_kernel:2.5.15
  • Linux Kernel 2.5.16
    cpe:2.3:o:linux:linux_kernel:2.5.16
  • Linux Kernel 2.5.17
    cpe:2.3:o:linux:linux_kernel:2.5.17
  • Linux Kernel 2.5.18
    cpe:2.3:o:linux:linux_kernel:2.5.18
  • Linux Kernel 2.5.19
    cpe:2.3:o:linux:linux_kernel:2.5.19
  • Linux Kernel 2.5.20
    cpe:2.3:o:linux:linux_kernel:2.5.20
  • Linux Kernel 2.5.21
    cpe:2.3:o:linux:linux_kernel:2.5.21
  • Linux Kernel 2.5.22
    cpe:2.3:o:linux:linux_kernel:2.5.22
  • Linux Kernel 2.5.23
    cpe:2.3:o:linux:linux_kernel:2.5.23
  • Linux Kernel 2.5.24
    cpe:2.3:o:linux:linux_kernel:2.5.24
  • Linux Kernel 2.5.25
    cpe:2.3:o:linux:linux_kernel:2.5.25
  • Linux Kernel 2.5.26
    cpe:2.3:o:linux:linux_kernel:2.5.26
  • Linux Kernel 2.5.27
    cpe:2.3:o:linux:linux_kernel:2.5.27
  • Linux Kernel 2.5.28
    cpe:2.3:o:linux:linux_kernel:2.5.28
  • Linux Kernel 2.5.29
    cpe:2.3:o:linux:linux_kernel:2.5.29
  • Linux Kernel 2.5.30
    cpe:2.3:o:linux:linux_kernel:2.5.30
  • Linux Kernel 2.5.31
    cpe:2.3:o:linux:linux_kernel:2.5.31
  • Linux Kernel 2.5.32
    cpe:2.3:o:linux:linux_kernel:2.5.32
  • Linux Kernel 2.5.33
    cpe:2.3:o:linux:linux_kernel:2.5.33
  • Linux Kernel 2.5.34
    cpe:2.3:o:linux:linux_kernel:2.5.34
  • Linux Kernel 2.5.35
    cpe:2.3:o:linux:linux_kernel:2.5.35
  • Linux Kernel 2.5.36
    cpe:2.3:o:linux:linux_kernel:2.5.36
  • Linux Kernel 2.5.37
    cpe:2.3:o:linux:linux_kernel:2.5.37
  • Linux Kernel 2.5.38
    cpe:2.3:o:linux:linux_kernel:2.5.38
  • Linux Kernel 2.5.39
    cpe:2.3:o:linux:linux_kernel:2.5.39
  • Linux Kernel 2.5.40
    cpe:2.3:o:linux:linux_kernel:2.5.40
  • Linux Kernel 2.5.41
    cpe:2.3:o:linux:linux_kernel:2.5.41
  • Linux Kernel 2.5.42
    cpe:2.3:o:linux:linux_kernel:2.5.42
  • Linux Kernel 2.5.43
    cpe:2.3:o:linux:linux_kernel:2.5.43
  • Linux Kernel 2.5.44
    cpe:2.3:o:linux:linux_kernel:2.5.44
  • Linux Kernel 2.5.45
    cpe:2.3:o:linux:linux_kernel:2.5.45
  • Linux Kernel 2.5.46
    cpe:2.3:o:linux:linux_kernel:2.5.46
  • Linux Kernel 2.5.47
    cpe:2.3:o:linux:linux_kernel:2.5.47
  • Linux Kernel 2.5.48
    cpe:2.3:o:linux:linux_kernel:2.5.48
  • Linux Kernel 2.5.49
    cpe:2.3:o:linux:linux_kernel:2.5.49
  • Linux Kernel 2.5.50
    cpe:2.3:o:linux:linux_kernel:2.5.50
  • Linux Kernel 2.5.51
    cpe:2.3:o:linux:linux_kernel:2.5.51
  • Linux Kernel 2.5.52
    cpe:2.3:o:linux:linux_kernel:2.5.52
  • Linux Kernel 2.5.53
    cpe:2.3:o:linux:linux_kernel:2.5.53
  • Linux Kernel 2.5.54
    cpe:2.3:o:linux:linux_kernel:2.5.54
  • Linux Kernel 2.5.55
    cpe:2.3:o:linux:linux_kernel:2.5.55
  • Linux Kernel 2.5.56
    cpe:2.3:o:linux:linux_kernel:2.5.56
  • Linux Kernel 2.5.57
    cpe:2.3:o:linux:linux_kernel:2.5.57
  • Linux Kernel 2.5.58
    cpe:2.3:o:linux:linux_kernel:2.5.58
  • Linux Kernel 2.5.59
    cpe:2.3:o:linux:linux_kernel:2.5.59
  • Linux Kernel 2.5.60
    cpe:2.3:o:linux:linux_kernel:2.5.60
  • Linux Kernel 2.5.61
    cpe:2.3:o:linux:linux_kernel:2.5.61
  • Linux Kernel 2.5.62
    cpe:2.3:o:linux:linux_kernel:2.5.62
  • Linux Kernel 2.5.63
    cpe:2.3:o:linux:linux_kernel:2.5.63
  • Linux Kernel 2.5.64
    cpe:2.3:o:linux:linux_kernel:2.5.64
  • Linux Kernel 2.5.65
    cpe:2.3:o:linux:linux_kernel:2.5.65
  • Linux Kernel 2.5.66
    cpe:2.3:o:linux:linux_kernel:2.5.66
  • Linux Kernel 2.5.67
    cpe:2.3:o:linux:linux_kernel:2.5.67
  • Linux Kernel 2.5.68
    cpe:2.3:o:linux:linux_kernel:2.5.68
  • Linux Kernel 2.5.69
    cpe:2.3:o:linux:linux_kernel:2.5.69
  • Linux Kernel 2.6.0
    cpe:2.3:o:linux:linux_kernel:2.6.0
  • Linux Kernel 2.6 test1
    cpe:2.3:o:linux:linux_kernel:2.6.0:test1
  • Linux Kernel 2.6 test10
    cpe:2.3:o:linux:linux_kernel:2.6.0:test10
  • Linux Kernel 2.6 test11
    cpe:2.3:o:linux:linux_kernel:2.6.0:test11
  • Linux Kernel 2.6 test2
    cpe:2.3:o:linux:linux_kernel:2.6.0:test2
  • Linux Kernel 2.6 test3
    cpe:2.3:o:linux:linux_kernel:2.6.0:test3
  • Linux Kernel 2.6 test4
    cpe:2.3:o:linux:linux_kernel:2.6.0:test4
  • Linux Kernel 2.6 test5
    cpe:2.3:o:linux:linux_kernel:2.6.0:test5
  • Linux Kernel 2.6 test6
    cpe:2.3:o:linux:linux_kernel:2.6.0:test6
  • Linux Kernel 2.6 test7
    cpe:2.3:o:linux:linux_kernel:2.6.0:test7
  • Linux Kernel 2.6 test8
    cpe:2.3:o:linux:linux_kernel:2.6.0:test8
  • Linux Kernel 2.6 test9
    cpe:2.3:o:linux:linux_kernel:2.6.0:test9
  • Linux Kernel 2.6.1
    cpe:2.3:o:linux:linux_kernel:2.6.1
  • Linux Kernel 2.6.1 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.1:rc1
  • Linux Kernel 2.6.1 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.1:rc2
  • Linux Kernel 2.6.1 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.1:rc3
  • Linux Kernel 2.6.2
    cpe:2.3:o:linux:linux_kernel:2.6.2
  • Linux Kernel 2.6.2 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.2:rc1
  • Linux Kernel 2.6.2 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.2:rc2
  • Linux Kernel 2.6.2 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.2:rc3
  • Linux Kernel 2.6.10
    cpe:2.3:o:linux:linux_kernel:2.6.10
  • Linux Kernel 2.6.10 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.10:rc1
  • Linux Kernel 2.6.10 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.10:rc2
  • Linux Kernel 2.6.10 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.10:rc3
  • Linux Kernel 2.6.11
    cpe:2.3:o:linux:linux_kernel:2.6.11
  • Linux Kernel 2.6.11 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.11:rc1
  • Linux Kernel 2.6.11 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.11:rc2
  • Linux Kernel 2.6.11 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.11:rc3
  • Linux Kernel 2.6.11 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.11:rc4
  • Linux Kernel 2.6.11 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.11:rc5
  • Linux Kernel 2.6.11.1
    cpe:2.3:o:linux:linux_kernel:2.6.11.1
  • Linux Kernel 2.6.11.2
    cpe:2.3:o:linux:linux_kernel:2.6.11.2
  • Linux Kernel 2.6.11.3
    cpe:2.3:o:linux:linux_kernel:2.6.11.3
  • Linux Kernel 2.6.11.4
    cpe:2.3:o:linux:linux_kernel:2.6.11.4
  • Linux Kernel 2.6.11.5
    cpe:2.3:o:linux:linux_kernel:2.6.11.5
  • Linux Kernel 2.6.11.6
    cpe:2.3:o:linux:linux_kernel:2.6.11.6
  • Linux Kernel 2.6.11.7
    cpe:2.3:o:linux:linux_kernel:2.6.11.7
  • Linux Kernel 2.6.11.8
    cpe:2.3:o:linux:linux_kernel:2.6.11.8
  • Linux Kernel 2.6.11.9
    cpe:2.3:o:linux:linux_kernel:2.6.11.9
  • Linux Kernel 2.6.11.10
    cpe:2.3:o:linux:linux_kernel:2.6.11.10
  • Linux Kernel 2.6.11.11
    cpe:2.3:o:linux:linux_kernel:2.6.11.11
  • Linux Kernel 2.6.11.12
    cpe:2.3:o:linux:linux_kernel:2.6.11.12
  • cpe:2.3:o:linux:linux_kernel:2.6.11_rc1_bk6
    cpe:2.3:o:linux:linux_kernel:2.6.11_rc1_bk6
  • Linux Kernel 2.6.12
    cpe:2.3:o:linux:linux_kernel:2.6.12
  • Linux Kernel 2.6.12 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.12:rc1
  • Linux Kernel 2.6.12 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.12:rc2
  • Linux Kernel 2.6.12 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.12:rc3
  • Linux Kernel 2.6.12 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.12:rc4
  • Linux Kernel 2.6.12 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.12:rc5
  • Linux Kernel 2.6.12 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.12:rc6
  • Linux Kernel 2.6.12.1
    cpe:2.3:o:linux:linux_kernel:2.6.12.1
  • Linux Kernel 2.6.12.2
    cpe:2.3:o:linux:linux_kernel:2.6.12.2
  • Linux Kernel 2.6.12.3
    cpe:2.3:o:linux:linux_kernel:2.6.12.3
  • Linux Kernel 2.6.12.4
    cpe:2.3:o:linux:linux_kernel:2.6.12.4
  • Linux Kernel 2.6.12.5
    cpe:2.3:o:linux:linux_kernel:2.6.12.5
  • Linux Kernel 2.6.12.6
    cpe:2.3:o:linux:linux_kernel:2.6.12.6
  • cpe:2.3:o:linux:linux_kernel:2.6.12.12
    cpe:2.3:o:linux:linux_kernel:2.6.12.12
  • cpe:2.3:o:linux:linux_kernel:2.6.12.22
    cpe:2.3:o:linux:linux_kernel:2.6.12.22
  • Linux Kernel 2.6.13
    cpe:2.3:o:linux:linux_kernel:2.6.13
  • Linux Kernel 2.6.13 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc1
  • Linux Kernel 2.6.13 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc2
  • Linux Kernel 2.6.13 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc3
  • Linux Kernel 2.6.13 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc4
  • Linux Kernel 2.6.13 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc5
  • Linux Kernel 2.6.13 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc6
  • Linux Kernel 2.6.13 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.13:rc7
  • Linux Kernel 2.6.13.1
    cpe:2.3:o:linux:linux_kernel:2.6.13.1
  • Linux Kernel 2.6.13.2
    cpe:2.3:o:linux:linux_kernel:2.6.13.2
  • Linux Kernel 2.6.13.3
    cpe:2.3:o:linux:linux_kernel:2.6.13.3
  • Linux Kernel 2.6.13.4
    cpe:2.3:o:linux:linux_kernel:2.6.13.4
  • Linux Kernel 2.6.13.5
    cpe:2.3:o:linux:linux_kernel:2.6.13.5
  • Linux Kernel 2.6.14
    cpe:2.3:o:linux:linux_kernel:2.6.14
  • Linux Kernel 2.6.14 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.14:rc1
  • Linux Kernel 2.6.14 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.14:rc2
  • Linux Kernel 2.6.14 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.14:rc3
  • Linux Kernel 2.6.14 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.14:rc4
  • Linux Kernel 2.6.14 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.14:rc5
  • Linux Kernel 2.6.14.1
    cpe:2.3:o:linux:linux_kernel:2.6.14.1
  • Linux Kernel 2.6.14.2
    cpe:2.3:o:linux:linux_kernel:2.6.14.2
  • Linux Kernel 2.6.14.3
    cpe:2.3:o:linux:linux_kernel:2.6.14.3
  • Linux Kernel 2.6.14.4
    cpe:2.3:o:linux:linux_kernel:2.6.14.4
  • Linux Kernel 2.6.14.5
    cpe:2.3:o:linux:linux_kernel:2.6.14.5
  • Linux Kernel 2.6.14.6
    cpe:2.3:o:linux:linux_kernel:2.6.14.6
  • Linux Kernel 2.6.14.7
    cpe:2.3:o:linux:linux_kernel:2.6.14.7
  • Linux Kernel 2.6.15
    cpe:2.3:o:linux:linux_kernel:2.6.15
  • Linux Kernel 2.6.15 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc1
  • Linux Kernel 2.6.15 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc2
  • Linux Kernel 2.6.15 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc3
  • Linux Kernel 2.6.15 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc4
  • Linux Kernel 2.6.15 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc5
  • Linux Kernel 2.6.15 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc6
  • Linux Kernel 2.6.15 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.15:rc7
  • Linux Kernel 2.6.15.1
    cpe:2.3:o:linux:linux_kernel:2.6.15.1
  • Linux Kernel 2.6.15.2
    cpe:2.3:o:linux:linux_kernel:2.6.15.2
  • Linux Kernel 2.6.15.3
    cpe:2.3:o:linux:linux_kernel:2.6.15.3
  • Linux Kernel 2.6.15.4
    cpe:2.3:o:linux:linux_kernel:2.6.15.4
  • Linux Kernel 2.6.15.5
    cpe:2.3:o:linux:linux_kernel:2.6.15.5
  • Linux Kernel 2.6.15.6
    cpe:2.3:o:linux:linux_kernel:2.6.15.6
  • Linux Kernel 2.6.15.7
    cpe:2.3:o:linux:linux_kernel:2.6.15.7
  • Linux Kernel 2.6.15.11
    cpe:2.3:o:linux:linux_kernel:2.6.15.11
  • Linux Kernel 2.6.16
    cpe:2.3:o:linux:linux_kernel:2.6.16
  • Linux Kernel 2.6.16 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc1
  • Linux Kernel 2.6.16 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc2
  • Linux Kernel 2.6.16 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc3
  • Linux Kernel 2.6.16 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc4
  • Linux Kernel 2.6.16 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc5
  • Linux Kernel 2.6.16 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc6
  • Linux Kernel 2.6.16.1
    cpe:2.3:o:linux:linux_kernel:2.6.16.1
  • Linux Kernel 2.6.16.2
    cpe:2.3:o:linux:linux_kernel:2.6.16.2
  • Linux Kernel 2.6.16.3
    cpe:2.3:o:linux:linux_kernel:2.6.16.3
  • Linux Kernel 2.6.16.4
    cpe:2.3:o:linux:linux_kernel:2.6.16.4
  • Linux Kernel 2.6.16.5
    cpe:2.3:o:linux:linux_kernel:2.6.16.5
  • Linux Kernel 2.6.16.6
    cpe:2.3:o:linux:linux_kernel:2.6.16.6
  • Linux Kernel 2.6.16.7
    cpe:2.3:o:linux:linux_kernel:2.6.16.7
  • Linux Kernel 2.6.16.8
    cpe:2.3:o:linux:linux_kernel:2.6.16.8
  • Linux Kernel 2.6.16.9
    cpe:2.3:o:linux:linux_kernel:2.6.16.9
  • Linux Kernel 2.6.16.10
    cpe:2.3:o:linux:linux_kernel:2.6.16.10
  • Linux Kernel 2.6.16.11
    cpe:2.3:o:linux:linux_kernel:2.6.16.11
  • Linux Kernel 2.6.16.12
    cpe:2.3:o:linux:linux_kernel:2.6.16.12
  • Linux Kernel 2.6.16.13
    cpe:2.3:o:linux:linux_kernel:2.6.16.13
  • Linux Kernel 2.6.16.14
    cpe:2.3:o:linux:linux_kernel:2.6.16.14
  • Linux Kernel 2.6.16.15
    cpe:2.3:o:linux:linux_kernel:2.6.16.15
  • Linux Kernel 2.6.16.16
    cpe:2.3:o:linux:linux_kernel:2.6.16.16
  • Linux Kernel 2.6.16.17
    cpe:2.3:o:linux:linux_kernel:2.6.16.17
  • Linux Kernel 2.6.16.18
    cpe:2.3:o:linux:linux_kernel:2.6.16.18
  • Linux Kernel 2.6.16.19
    cpe:2.3:o:linux:linux_kernel:2.6.16.19
  • Linux Kernel 2.6.16.20
    cpe:2.3:o:linux:linux_kernel:2.6.16.20
  • Linux Kernel 2.6.16.21
    cpe:2.3:o:linux:linux_kernel:2.6.16.21
  • Linux Kernel 2.6.16.22
    cpe:2.3:o:linux:linux_kernel:2.6.16.22
  • Linux Kernel 2.6.16.23
    cpe:2.3:o:linux:linux_kernel:2.6.16.23
  • Linux Kernel 2.6.16.24
    cpe:2.3:o:linux:linux_kernel:2.6.16.24
  • Linux Kernel 2.6.16.25
    cpe:2.3:o:linux:linux_kernel:2.6.16.25
  • Linux Kernel 2.6.16.26
    cpe:2.3:o:linux:linux_kernel:2.6.16.26
  • Linux Kernel 2.6.16.27
    cpe:2.3:o:linux:linux_kernel:2.6.16.27
  • Linux Kernel 2.6.16.28
    cpe:2.3:o:linux:linux_kernel:2.6.16.28
  • Linux Kernel 2.6.16.29
    cpe:2.3:o:linux:linux_kernel:2.6.16.29
  • Linux Kernel 2.6.16.30
    cpe:2.3:o:linux:linux_kernel:2.6.16.30
  • Linux Kernel 2.6.16.31
    cpe:2.3:o:linux:linux_kernel:2.6.16.31
  • Linux Kernel 2.6.16.32
    cpe:2.3:o:linux:linux_kernel:2.6.16.32
  • Linux Kernel 2.6.16.33
    cpe:2.3:o:linux:linux_kernel:2.6.16.33
  • Linux Kernel 2.6.16.34
    cpe:2.3:o:linux:linux_kernel:2.6.16.34
  • Linux Kernel 2.6.16.35
    cpe:2.3:o:linux:linux_kernel:2.6.16.35
  • Linux Kernel 2.6.16.36
    cpe:2.3:o:linux:linux_kernel:2.6.16.36
  • Linux Kernel 2.6.16.37
    cpe:2.3:o:linux:linux_kernel:2.6.16.37
  • Linux Kernel 2.6.16.38
    cpe:2.3:o:linux:linux_kernel:2.6.16.38
  • Linux Kernel 2.6.16.39
    cpe:2.3:o:linux:linux_kernel:2.6.16.39
  • Linux Kernel 2.6.16.40
    cpe:2.3:o:linux:linux_kernel:2.6.16.40
  • Linux Kernel 2.6.16.41
    cpe:2.3:o:linux:linux_kernel:2.6.16.41
  • Linux Kernel 2.6.16.43
    cpe:2.3:o:linux:linux_kernel:2.6.16.43
  • Linux Kernel 2.6.16.44
    cpe:2.3:o:linux:linux_kernel:2.6.16.44
  • Linux Kernel 2.6.16.45
    cpe:2.3:o:linux:linux_kernel:2.6.16.45
  • Linux Kernel 2.6.16.46
    cpe:2.3:o:linux:linux_kernel:2.6.16.46
  • Linux Kernel 2.6.16.47
    cpe:2.3:o:linux:linux_kernel:2.6.16.47
  • Linux Kernel 2.6.16.48
    cpe:2.3:o:linux:linux_kernel:2.6.16.48
  • Linux Kernel 2.6.16.49
    cpe:2.3:o:linux:linux_kernel:2.6.16.49
  • Linux Kernel 2.6.16.50
    cpe:2.3:o:linux:linux_kernel:2.6.16.50
  • Linux Kernel 2.6.16.51
    cpe:2.3:o:linux:linux_kernel:2.6.16.51
  • Linux Kernel 2.6.16.52
    cpe:2.3:o:linux:linux_kernel:2.6.16.52
  • Linux Kernel 2.6.16.53
    cpe:2.3:o:linux:linux_kernel:2.6.16.53
  • cpe:2.3:o:linux:linux_kernel:2.6.16_rc7
    cpe:2.3:o:linux:linux_kernel:2.6.16_rc7
  • Linux Kernel 2.6.17
    cpe:2.3:o:linux:linux_kernel:2.6.17
  • Linux Kernel 2.6.17 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc1
  • Linux Kernel 2.6.17 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc2
  • Linux Kernel 2.6.17 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc3
  • Linux Kernel 2.6.17 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc4
  • Linux Kernel 2.6.17 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc5
  • Linux Kernel 2.6.17 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc6
  • Linux Kernel 2.6.17.1
    cpe:2.3:o:linux:linux_kernel:2.6.17.1
  • Linux Kernel 2.6.17.2
    cpe:2.3:o:linux:linux_kernel:2.6.17.2
  • Linux Kernel 2.6.17.3
    cpe:2.3:o:linux:linux_kernel:2.6.17.3
  • Linux Kernel 2.6.17.4
    cpe:2.3:o:linux:linux_kernel:2.6.17.4
  • Linux Kernel 2.6.17.5
    cpe:2.3:o:linux:linux_kernel:2.6.17.5
  • Linux Kernel 2.6.17.6
    cpe:2.3:o:linux:linux_kernel:2.6.17.6
  • Linux Kernel 2.6.17.7
    cpe:2.3:o:linux:linux_kernel:2.6.17.7
  • Linux Kernel 2.6.17.8
    cpe:2.3:o:linux:linux_kernel:2.6.17.8
  • Linux Kernel 2.6.17.9
    cpe:2.3:o:linux:linux_kernel:2.6.17.9
  • Linux Kernel 2.6.17.10
    cpe:2.3:o:linux:linux_kernel:2.6.17.10
  • Linux Kernel 2.6.17.11
    cpe:2.3:o:linux:linux_kernel:2.6.17.11
  • Linux Kernel 2.6.17.12
    cpe:2.3:o:linux:linux_kernel:2.6.17.12
  • Linux Kernel 2.6.17.13
    cpe:2.3:o:linux:linux_kernel:2.6.17.13
  • Linux Kernel 2.6.17.14
    cpe:2.3:o:linux:linux_kernel:2.6.17.14
  • Linux Kernel 2.6.18
    cpe:2.3:o:linux:linux_kernel:2.6.18
  • Linux Kernel 2.6.18 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc1
  • Linux Kernel 2.6.18 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc2
  • Linux Kernel 2.6.18 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc3
  • Linux Kernel 2.6.18 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc4
  • Linux Kernel 2.6.18 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc5
  • Linux Kernel 2.6.18 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc6
  • Linux Kernel 2.6.18 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc7
  • Linux Kernel 2.6.18.1
    cpe:2.3:o:linux:linux_kernel:2.6.18.1
  • Linux Kernel 2.6.18.2
    cpe:2.3:o:linux:linux_kernel:2.6.18.2
  • Linux Kernel 2.6.18.3
    cpe:2.3:o:linux:linux_kernel:2.6.18.3
  • Linux Kernel 2.6.18.4
    cpe:2.3:o:linux:linux_kernel:2.6.18.4
  • Linux Kernel 2.6.18.5
    cpe:2.3:o:linux:linux_kernel:2.6.18.5
  • Linux Kernel 2.6.18.6
    cpe:2.3:o:linux:linux_kernel:2.6.18.6
  • Linux Kernel 2.6.18.7
    cpe:2.3:o:linux:linux_kernel:2.6.18.7
  • Linux Kernel 2.6.18.8
    cpe:2.3:o:linux:linux_kernel:2.6.18.8
  • Linux Kernel 2.6.19
    cpe:2.3:o:linux:linux_kernel:2.6.19
  • Linux Kernel 2.6.19 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.19:rc1
  • Linux Kernel 2.6.19 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.19:rc2
  • Linux Kernel 2.6.19 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.19:rc3
  • Linux Kernel 2.6.19 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.19:rc4
  • Linux Kernel 2.6.19.1
    cpe:2.3:o:linux:linux_kernel:2.6.19.1
  • Linux Kernel 2.6.19.2
    cpe:2.3:o:linux:linux_kernel:2.6.19.2
  • Linux Kernel 2.6.19.3
    cpe:2.3:o:linux:linux_kernel:2.6.19.3
  • Linux Kernel 2.6.20
    cpe:2.3:o:linux:linux_kernel:2.6.20
  • Linux Kernel 2.6.20 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.20:rc2
  • Linux Kernel 2.6.20.1
    cpe:2.3:o:linux:linux_kernel:2.6.20.1
  • Linux Kernel 2.6.20.2
    cpe:2.3:o:linux:linux_kernel:2.6.20.2
  • Linux Kernel 2.6.20.3
    cpe:2.3:o:linux:linux_kernel:2.6.20.3
  • Linux Kernel 2.6.20.4
    cpe:2.3:o:linux:linux_kernel:2.6.20.4
  • Linux Kernel 2.6.20.5
    cpe:2.3:o:linux:linux_kernel:2.6.20.5
  • Linux Kernel 2.6.20.6
    cpe:2.3:o:linux:linux_kernel:2.6.20.6
  • Linux Kernel 2.6.20.7
    cpe:2.3:o:linux:linux_kernel:2.6.20.7
  • Linux Kernel 2.6.20.8
    cpe:2.3:o:linux:linux_kernel:2.6.20.8
  • Linux Kernel 2.6.20.9
    cpe:2.3:o:linux:linux_kernel:2.6.20.9
  • Linux Kernel 2.6.20.10
    cpe:2.3:o:linux:linux_kernel:2.6.20.10
  • Linux Kernel 2.6.20.11
    cpe:2.3:o:linux:linux_kernel:2.6.20.11
  • Linux Kernel 2.6.20.12
    cpe:2.3:o:linux:linux_kernel:2.6.20.12
  • Linux Kernel 2.6.20.13
    cpe:2.3:o:linux:linux_kernel:2.6.20.13
  • Linux Kernel 2.6.20.14
    cpe:2.3:o:linux:linux_kernel:2.6.20.14
  • Linux Kernel 2.6.20.15
    cpe:2.3:o:linux:linux_kernel:2.6.20.15
  • Linux Kernel 2.6.21
    cpe:2.3:o:linux:linux_kernel:2.6.21
  • Linux Kernel 2.6.21 git1
    cpe:2.3:o:linux:linux_kernel:2.6.21:git1
  • Linux Kernel 2.6.21 git2
    cpe:2.3:o:linux:linux_kernel:2.6.21:git2
  • Linux Kernel 2.6.21 git3
    cpe:2.3:o:linux:linux_kernel:2.6.21:git3
  • Linux Kernel 2.6.21 git4
    cpe:2.3:o:linux:linux_kernel:2.6.21:git4
  • Linux Kernel 2.6.21 git5
    cpe:2.3:o:linux:linux_kernel:2.6.21:git5
  • Linux Kernel 2.6.21 git6
    cpe:2.3:o:linux:linux_kernel:2.6.21:git6
  • Linux Kernel 2.6.21 git7
    cpe:2.3:o:linux:linux_kernel:2.6.21:git7
  • Linux Kernel 2.6.21 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.21:rc3
  • Linux Kernel 2.6.21 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.21:rc4
  • Linux Kernel 2.6.21 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.21:rc5
  • Linux Kernel 2.6.21 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.21:rc6
  • Linux Kernel 2.6.21 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.21:rc7
  • Linux Kernel 2.6.21.1
    cpe:2.3:o:linux:linux_kernel:2.6.21.1
  • Linux Kernel 2.6.21.2
    cpe:2.3:o:linux:linux_kernel:2.6.21.2
  • Linux Kernel 2.6.21.3
    cpe:2.3:o:linux:linux_kernel:2.6.21.3
  • Linux Kernel 2.6.21.4
    cpe:2.3:o:linux:linux_kernel:2.6.21.4
  • Linux Kernel 2.6.21.6
    cpe:2.3:o:linux:linux_kernel:2.6.21.6
  • Linux Kernel 2.6.21.7
    cpe:2.3:o:linux:linux_kernel:2.6.21.7
  • Linux Kernel 2.6.22
    cpe:2.3:o:linux:linux_kernel:2.6.22
  • Linux Kernel 2.6.22 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.22:rc6
  • Linux Kernel 2.6.22.1
    cpe:2.3:o:linux:linux_kernel:2.6.22.1
  • Linux Kernel 2.6.22.2
    cpe:2.3:o:linux:linux_kernel:2.6.22.2
  • Linux Kernel 2.6.22.3
    cpe:2.3:o:linux:linux_kernel:2.6.22.3
  • Linux Kernel 2.6.22.4
    cpe:2.3:o:linux:linux_kernel:2.6.22.4
  • Linux Kernel 2.6.22.5
    cpe:2.3:o:linux:linux_kernel:2.6.22.5
  • Linux Kernel 2.6.22.6
    cpe:2.3:o:linux:linux_kernel:2.6.22.6
  • Linux Kernel 2.6.22.7
    cpe:2.3:o:linux:linux_kernel:2.6.22.7
  • Linux Kernel 2.6.22.8
    cpe:2.3:o:linux:linux_kernel:2.6.22.8
  • Linux Kernel 2.6.22.9
    cpe:2.3:o:linux:linux_kernel:2.6.22.9
  • Linux Kernel 2.6.22.10
    cpe:2.3:o:linux:linux_kernel:2.6.22.10
  • Linux Kernel 2.6.22.11
    cpe:2.3:o:linux:linux_kernel:2.6.22.11
  • Linux Kernel 2.6.22.12
    cpe:2.3:o:linux:linux_kernel:2.6.22.12
  • Linux Kernel 2.6.22.13
    cpe:2.3:o:linux:linux_kernel:2.6.22.13
  • Linux Kernel 2.6.22.14
    cpe:2.3:o:linux:linux_kernel:2.6.22.14
  • Linux Kernel 2.6.22.15
    cpe:2.3:o:linux:linux_kernel:2.6.22.15
  • Linux Kernel 2.6.22.16
    cpe:2.3:o:linux:linux_kernel:2.6.22.16
  • Linux Kernel 2.6.22.17
    cpe:2.3:o:linux:linux_kernel:2.6.22.17
  • Linux Kernel 2.6.22.18
    cpe:2.3:o:linux:linux_kernel:2.6.22.18
  • Linux Kernel 2.6.22.19
    cpe:2.3:o:linux:linux_kernel:2.6.22.19
  • Linux Kernel 2.6.22.20
    cpe:2.3:o:linux:linux_kernel:2.6.22.20
  • Linux Kernel 2.6.22.21
    cpe:2.3:o:linux:linux_kernel:2.6.22.21
  • Linux Kernel 2.6.22.22
    cpe:2.3:o:linux:linux_kernel:2.6.22.22
  • cpe:2.3:o:linux:linux_kernel:2.6.22_rc1
    cpe:2.3:o:linux:linux_kernel:2.6.22_rc1
  • cpe:2.3:o:linux:linux_kernel:2.6.22_rc7
    cpe:2.3:o:linux:linux_kernel:2.6.22_rc7
  • Linux Kernel 2.6.23
    cpe:2.3:o:linux:linux_kernel:2.6.23
  • Linux Kernel 2.6.23 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.23:rc1
  • Linux Kernel 2.6.23 release candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.23:rc2
  • Linux Kernel 2.6.23.1
    cpe:2.3:o:linux:linux_kernel:2.6.23.1
  • Linux Kernel 2.6.23.2
    cpe:2.3:o:linux:linux_kernel:2.6.23.2
  • Linux Kernel 2.6.23.3
    cpe:2.3:o:linux:linux_kernel:2.6.23.3
  • Linux Kernel 2.6.23.4
    cpe:2.3:o:linux:linux_kernel:2.6.23.4
  • Linux Kernel 2.6.23.5
    cpe:2.3:o:linux:linux_kernel:2.6.23.5
  • Linux Kernel 2.6.23.6
    cpe:2.3:o:linux:linux_kernel:2.6.23.6
  • Linux Kernel 2.6.23.7
    cpe:2.3:o:linux:linux_kernel:2.6.23.7
  • Linux Kernel 2.6.23.9
    cpe:2.3:o:linux:linux_kernel:2.6.23.9
  • Linux Kernel 2.6.23.10
    cpe:2.3:o:linux:linux_kernel:2.6.23.10
  • Linux Kernel 2.6.23.14
    cpe:2.3:o:linux:linux_kernel:2.6.23.14
  • cpe:2.3:o:linux:linux_kernel:2.6.23_rc1
    cpe:2.3:o:linux:linux_kernel:2.6.23_rc1
  • Linux Kernel 2.6.24
    cpe:2.3:o:linux:linux_kernel:2.6.24
  • Linux Kernel 2.6.24 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc2
  • Linux Kernel 2.6.24 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc3
  • Linux Kernel 2.6.24.1
    cpe:2.3:o:linux:linux_kernel:2.6.24.1
  • Linux Kernel 2.6.24.2
    cpe:2.3:o:linux:linux_kernel:2.6.24.2
  • Linux Kernel 2.6.24.3
    cpe:2.3:o:linux:linux_kernel:2.6.24.3
  • Linux Kernel 2.6.24.4
    cpe:2.3:o:linux:linux_kernel:2.6.24.4
  • Linux Kernel 2.6.24.5
    cpe:2.3:o:linux:linux_kernel:2.6.24.5
  • Linux Kernel 2.6.24.6
    cpe:2.3:o:linux:linux_kernel:2.6.24.6
  • cpe:2.3:o:linux:linux_kernel:2.6.24_rc1
    cpe:2.3:o:linux:linux_kernel:2.6.24_rc1
  • cpe:2.3:o:linux:linux_kernel:2.6.24_rc4
    cpe:2.3:o:linux:linux_kernel:2.6.24_rc4
  • cpe:2.3:o:linux:linux_kernel:2.6.24_rc5
    cpe:2.3:o:linux:linux_kernel:2.6.24_rc5
  • Linux Kernel 2.6.25
    cpe:2.3:o:linux:linux_kernel:2.6.25
  • Linux Kernel 2.6.25.1
    cpe:2.3:o:linux:linux_kernel:2.6.25.1
  • Linux Kernel 2.6.25.2
    cpe:2.3:o:linux:linux_kernel:2.6.25.2
  • Linux Kernel 2.6.25.3
    cpe:2.3:o:linux:linux_kernel:2.6.25.3
  • Linux Kernel 2.6.25.4
    cpe:2.3:o:linux:linux_kernel:2.6.25.4
  • Linux Kernel 2.6.25.5
    cpe:2.3:o:linux:linux_kernel:2.6.25.5
  • Linux Kernel 2.6.25.6
    cpe:2.3:o:linux:linux_kernel:2.6.25.6
  • Linux Kernel 2.6.25.7
    cpe:2.3:o:linux:linux_kernel:2.6.25.7
  • Linux Kernel 2.6.25.8
    cpe:2.3:o:linux:linux_kernel:2.6.25.8
  • Linux Kernel 2.6.25.9
    cpe:2.3:o:linux:linux_kernel:2.6.25.9
  • cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs
    cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs
CVSS
Base: 7.2 (as of 09-07-2008 - 14:54)
Impact:
Exploitability:
CWE CWE-20
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Object Relational Mapping Injection
    An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.
  • SQL Injection through SOAP Parameter Tampering
    An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Variable Manipulation
    An attacker manipulates variables used by an application to perform a variety of possible attacks. This can either be performed through the manipulation of function call parameters or by manipulating external variables, such as environment variables, that are used by an application. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Flash Injection
    An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • Cross-Site Scripting via Encoded URI Schemes
    An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.
  • XML Injection
    An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
  • Environment Variable Manipulation
    An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Global variable manipulation
    An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Leverage Alternate Encoding
    This attack leverages the possibility to encode potentially harmful input and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
  • Using Leading 'Ghost' Character Sequences to Bypass Input Filters
    An attacker intentionally introduces leading characters that enable getting the input past the filters. The API that is being targeted, ignores the leading "ghost" characters, and therefore processes the attackers' input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API. Some APIs will strip certain leading characters from a string of parameters. Perhaps these characters are considered redundant, and for this reason they are removed. Another possibility is the parser logic at the beginning of analysis is specialized in some way that causes some characters to be removed. The attacker can specify multiple types of alternative encodings at the beginning of a string as a set of probes. One commonly used possibility involves adding ghost characters--extra characters that don't affect the validity of the request at the API layer. If the attacker has access to the API libraries being targeted, certain attack ideas can be tested directly in advance. Once alternative ghost encodings emerge through testing, the attacker can move from lab-based API testing to testing real-world service implementations.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
  • Embedding Scripts in HTTP Query Strings
    A variant of cross-site scripting called "reflected" cross-site scripting, the HTTP Query Strings attack consists of passing a malicious script inside an otherwise valid HTTP request query string. This is of significant concern for sites that rely on dynamic, user-generated content such as bulletin boards, news sites, blogs, and web enabled administration GUIs. The malicious script may steal session data, browse history, probe files, or otherwise execute attacks on the client side. Once the attacker has prepared the malicious HTTP query it is sent to a victim user (perhaps by email, IM, or posted on an online forum), who clicks on a normal looking link that contains a poison query string. This technique can be made more effective through the use of services like http://tinyurl.com/, which makes very small URLs that will redirect to very large, complex ones. The victim will not know what he is really clicking on.
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • Embedding NULL Bytes
    An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
  • Postfix, Null Terminate, and Backslash
    If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
  • Simple Script Injection
    An attacker embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • SQL Injection
    This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Blind SQL Injection
    Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the attacker constructs input strings that probe the target through simple Boolean SQL expressions. The attacker can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the attacker determines how and where the target is vulnerable to SQL Injection. For example, an attacker may try entering something like "username' AND 1=1; --" in an input field. If the result is the same as when the attacker entered "username" in the field, then the attacker knows that the application is vulnerable to SQL Injection. The attacker can then ask yes/no questions from the database server to extract information from it. For example, the attacker can extract table names from a database using the following types of queries: If the above query executes properly, then the attacker knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the attacker knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the attacker can determine all table names in the database. Subsequently, the attacker may execute an actual attack and send something like:
  • Using Unicode Encoding to Bypass Validation Logic
    An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
  • URL Encoding
    This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).
  • User-Controlled Filename
    An attack of this type involves an attacker inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
  • Using Escaped Slashes in Alternate Encoding
    This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Using UTF-8 Encoding to Bypass Validation Logic
    This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the "shortest possible" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
  • XPath Injection
    An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database. In order to successfully inject XML and retrieve information from a database, an attacker:
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
  • Embedding Script (XSS) in HTTP Headers
    An attack of this type exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
  • XSS in IMG Tags
    Image tags are an often overlooked, but convenient, means for a Cross Site Scripting attack. The attacker can inject script contents into an image (IMG) tag in order to steal information from a victim's browser and execute malicious scripts.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0014.NASL
    description a. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon's init script ('/etc/init.d/dhcpd'). A local attacker could use this flaw to overwrite an arbitrary file with the output of the 'dhcpd -t' command via a symbolic link attack, if a system administrator executed the DHCP init script with the 'configtest', 'restart', or 'reload' option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1893 to this issue. b. Updated Service Console package kernel Service Console package kernel update to version kernel-2.4.21-58.EL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the security issues fixed in kernel-2.4.21-58.EL c. JRE Security Update JRE update to version 1.5.0_18, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_17: CVE-2008-2086, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5339, CVE-2008-5342, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5340, CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 42179
    published 2009-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42179
    title VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
  • NASL family Misc.
    NASL id VMWARE_VMSA-2009-0014_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - ISC DHCP dhclient - Integrated Services Digital Network (ISDN) subsystem - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Web Start - Linux kernel - Linux kernel 32-bit and 64-bit emulation - Linux kernel Simple Internet Transition INET6 - Linux kernel tty - Linux kernel virtual file system (VFS) - Red Hat dhcpd init script for DHCP - SBNI WAN driver
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89116
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89116
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-5566.NASL
    description This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel contains lots of bugfixes and several security fixes : - Added missing capability checks in sbni_ioctl(). (CVE-2008-3525) - On AMD64 some string operations could leak kernel information into userspace. (CVE-2008-0598) - Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. (CVE-2008-1673) - Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. (CVE-2008-3272) - Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory. (CVE-2008-3275) - The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. (CVE-2008-2931) - Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. (CVE-2008-2812)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34331
    published 2008-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34331
    title SuSE 10 Security Update : the Linux Kernel (x86) (ZYPP Patch Number 5566)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2008-2005.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix utrace dead_engine ops race - fix ptrace_attach leak - CVE-2007-5093: kernel PWC driver DoS - CVE-2007-6282: IPSec ESP kernel panics - CVE-2007-6712: kernel: infinite loop in highres timers (kernel hang) - CVE-2008-1615: kernel: ptrace: Unprivileged crash on x86_64 %cs corruption - CVE-2008-1294: kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children - CVE-2008-2136: kernel: sit memory leak - CVE-2008-2812: kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code - restore linux-2.6-x86-clear-df-flag-for-signal-handlers.patch - restore linux-2.6-utrace.patch / linux-2.6-xen-utrace.patch - Kernel security erratas for OVM 2.1.2 from bz#5932 : - CVE-2007-6063: isdn: fix possible isdn_net buffer overflows - CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir - CVE-2008-0598: write system call vulnerability - CVE-2008-1375: kernel: race condition in dnotify - CVE-2008-0001: kernel: filesystem corruption by unprivileged user via directory truncation - CVE-2008-2358: dccp: sanity check feature length - CVE-2007-5938: NULL dereference in iwl driver - RHSA-2008:0508: kernel: [x86_64] The string instruction version didn't zero the output on exception. - kernel: clear df flag for signal handlers - fs: missing dput in do_lookup error leaks dentries - sysfs: fix condition check in sysfs_drop_dentry - sysfs: fix race condition around sd->s_dentry - ieee80211: off-by-two integer underflow
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 79447
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79447
    title OracleVM 2.1 : kernel (OVMSA-2008-2005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-5473.NASL
    description This is a respin of the previous kernel update, which got retracted due to an IDE-CDROM regression, where any IDE CDROM access would hang or crash the system. Only this problem was fixed additionally. This kernel update fixes the following security problems : - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a resource starvation problem in the handling of ZERO mmap pages. (CVE-2008-2372) - The asn1 implementation in (a) the Linux kernel, as used in the cifs and ip_nat_snmp_basic modules does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. (CVE-2008-1673) - Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. (CVE-2008-2812) - A missing permission check in mount changing was added which could have been used by local attackers to change the mountdirectory. (CVE-2008-2931) Additionally a very large number of bugs was fixed. Details can be found in the RPM changelog of the included packages. OCFS2 has been upgraded to the 1.4.1 release : - Endian fixes - Use slab caches for DLM objects - Export DLM state info to debugfs - Avoid ENOSPC in rare conditions when free inodes are reserved by other nodes - Error handling fix in ocfs2_start_walk_page_trans() - Cleanup lockres printing - Allow merging of extents - Fix to allow changing permissions of symlinks - Merged local fixes upstream (no code change)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 41533
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41533
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5473)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-5751.NASL
    description This kernel update fixes various bugs and also several security issues : CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service (crash) attack. CVE-2008-3833: The generic_file_splice_write function in fs/splice.c in the Linux kernel does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory. CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-2931: The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. CVE-2008-2812: Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 34755
    published 2008-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34755
    title openSUSE 10 Security Update : kernel (kernel-5751)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1630.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6282 Dirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet. - CVE-2008-0598 Tavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. This issue is specific to the amd64-flavour kernel images. - CVE-2008-2729 Andi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Only the amd64-flavour Debian kernel images are affected. - CVE-2008-2812 Alan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges. - CVE-2008-2826 Gabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service. - CVE-2008-2931 Miklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points. - CVE-2008-3272 Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information. - CVE-2008-3275 Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34032
    published 2008-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34032
    title Debian DSA-1630-1 : linux-2.6 - denial of service/information leak
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-5477.NASL
    description This is a respin of the previous kernel update, which got retracted due to an IDE-CDROM regression, where any IDE CDROM access would hang or crash the system. Only this problem was fixed additionally. This kernel update fixes the following security problems : - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a resource starvation problem in the handling of ZERO mmap pages. (CVE-2008-2372) - The asn1 implementation in (a) the Linux kernel, as used in the cifs and ip_nat_snmp_basic modules does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. (CVE-2008-1673) - Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. (CVE-2008-2812) - A missing permission check in mount changing was added which could have been used by local attackers to change the mountdirectory. (CVE-2008-2931) Additionally a very large number of bugs was fixed. Details can be found in the RPM changelog of the included packages. OCFS2 has been upgraded to the 1.4.1 release : - Endian fixes - Use slab caches for DLM objects - Export DLM state info to debugfs - Avoid ENOSPC in rare conditions when free inodes are reserved by other nodes - Error handling fix in ocfs2_start_walk_page_trans() - Cleanup lockres printing - Allow merging of extents - Fix to allow changing permissions of symlinks - Merged local fixes upstream (no code change)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59129
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59129
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5477)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0973.NASL
    description From Red Hat Security Advisory 2008:0973 : Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues : * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) * a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : * the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update. * mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this. * lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r). All Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67763
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67763
    title Oracle Linux 3 : kernel (ELSA-2008-0973)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081216_KERNEL_ON_SL3_X.NASL
    description This update addresses the following security issues : - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) - missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) - the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) - a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) - multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) - a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : - the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update. - mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this. - lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware®.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60507
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60507
    title Scientific Linux Security Update : kernel on SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0612.NASL
    description From Red Hat Security Advisory 2008:0612 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : * the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. * when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to '/dev/ttyS1' to hang. * a 50-75% drop in NFS server rewrite performance, compared to Red Hat Enterprise Linux 4.6, has been resolved. * due a bug in the fast userspace mutex code, while one thread fetched a pointer, another thread may have removed it, causing the first thread to fetch the wrong pointer, possibly causing a system crash. * on certain Hitachi hardware, removing the 'uhci_hcd' module caused a kernel oops, and the following error : BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr() Even after the 'uhci_hcd' module was reloaded, there was no access to USB devices. As well, on systems that have legacy interrupts, 'acpi_unregister_gsi' incorrectly called 'iosapci_unregister_intr()', causing warning messages to be logged. * when a page was mapped with mmap(), and 'PROT_WRITE' was the only 'prot' argument, the first read of that page caused a segmentation fault. If the page was read after it was written to, no fault occurred. This was incompatible with the Red Hat Enterprise Linux 4 behavior. * due to a NULL pointer dereference in powernowk8_init(), a panic may have occurred. * certain error conditions handled by the bonding sysfs interface could have left rtnl_lock() unbalanced, either by locking and returning without unlocking, or by unlocking when it did not lock, possibly causing a 'kernel: RTNL: assertion failed at net/core/fib_rules.c' error. * the kernel currently expects a maximum of six Machine Check Exception (MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may have caused the MCE to be incorrectly reported. * a race condition in UNIX domain sockets may have caused recv() to return zero. For clusters, this may have caused unexpected failovers. * msgrcv() frequently returned an incorrect 'ERESTARTNOHAND (514)' error number. * on certain Intel Itanium-based systems, when kdump was configured to halt the system after a dump operation, after the 'System halted.' output, the kernel continued to output endless 'soft lockup' messages. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67730
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67730
    title Oracle Linux 5 : kernel (ELSA-2008-0612)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0612.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : * the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. * when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to '/dev/ttyS1' to hang. * a 50-75% drop in NFS server rewrite performance, compared to Red Hat Enterprise Linux 4.6, has been resolved. * due a bug in the fast userspace mutex code, while one thread fetched a pointer, another thread may have removed it, causing the first thread to fetch the wrong pointer, possibly causing a system crash. * on certain Hitachi hardware, removing the 'uhci_hcd' module caused a kernel oops, and the following error : BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr() Even after the 'uhci_hcd' module was reloaded, there was no access to USB devices. As well, on systems that have legacy interrupts, 'acpi_unregister_gsi' incorrectly called 'iosapci_unregister_intr()', causing warning messages to be logged. * when a page was mapped with mmap(), and 'PROT_WRITE' was the only 'prot' argument, the first read of that page caused a segmentation fault. If the page was read after it was written to, no fault occurred. This was incompatible with the Red Hat Enterprise Linux 4 behavior. * due to a NULL pointer dereference in powernowk8_init(), a panic may have occurred. * certain error conditions handled by the bonding sysfs interface could have left rtnl_lock() unbalanced, either by locking and returning without unlocking, or by unlocking when it did not lock, possibly causing a 'kernel: RTNL: assertion failed at net/core/fib_rules.c' error. * the kernel currently expects a maximum of six Machine Check Exception (MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may have caused the MCE to be incorrectly reported. * a race condition in UNIX domain sockets may have caused recv() to return zero. For clusters, this may have caused unexpected failovers. * msgrcv() frequently returned an incorrect 'ERESTARTNOHAND (514)' error number. * on certain Intel Itanium-based systems, when kdump was configured to halt the system after a dump operation, after the 'System halted.' output, the kernel continued to output endless 'soft lockup' messages. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43701
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43701
    title CentOS 5 : kernel (CESA-2008:0612)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-5608.NASL
    description This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel contains lots of bugfixes and several security fixes : - Added missing capability checks in sbni_ioctl(). (CVE-2008-3525) - On AMD64 some string operations could leak kernel information into userspace. (CVE-2008-0598) - Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. (CVE-2008-1673) - Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. (CVE-2008-3272) - Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory. (CVE-2008-3275) - The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. (CVE-2008-2931) - Various NULL ptr checks have been added to the tty ops functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. (CVE-2008-2812)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59131
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59131
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0665.NASL
    description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux 4. This is the seventh regular update. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Kernel Feature Support: * iostat displays I/O performance for partitions * I/O task accounting added to getrusage(), allowing comprehensive core statistics * page cache pages count added to show_mem() output * tux O_ATOMICLOOKUP flag removed from the open() system call: replaced with O_CLOEXEC * the kernel now exports process limit information to /proc/[PID]/limits * implement udp_poll() to reduce likelihood of false positives returned from select() * the TCP_RTO_MIN parameter can now be configured to a maximum of 3000 milliseconds. This is configured using 'ip route' * update CIFS to version 1.50 Added Features: * nfs.enable_ino64 boot command line parameter: enable and disable 32-bit inode numbers when using NFS * tick 'divider' kernel boot parameter: reduce CPU overhead, and increase efficiency at the cost of lowering timing accuracy * /proc/sys/vm/nfs-writeback-lowmem-only tunable parameter: resolve NFS read performance * /proc/sys/vm/write-mapped tunable option, allowing the option of faster NFS reads * support for Large Receive Offload as a networking module * core dump masking, allowing a core dump process to skip the shared memory segments of a process Virtualization: * para-virtualized network and block device drivers, to increase fully-virtualized guest performance * support for more than three VNIF numbers per guest domain Platform Support: * AMD ATI SB800 SATA controller, AMD ATI SB600 and SB700 40-pin IDE cable * 64-bit DMA support on AMD ATI SB700 * PCI device IDs to support Intel ICH10 * /dev/msr[0-n] device files * powernow-k8 as a module * SLB shadow buffer support for IBM POWER6 systems * support for CPU frequencies greater than 32-bit on IBM POWER5, IBM POWER6 * floating point load and store handler for IBM POWER6 Added Drivers and Updates: * ixgbe 1.1.18, for the Intel 82598 10GB ethernet controller * bnx2x 1.40.22, for network adapters on the Broadcom 5710 chipset * dm-hp-sw 1.0.0, for HP Active/Standby * zfcp version and bug fixes * qdio to fix FCP/SCSI write I/O expiring on LPARs * cio bug fixes * eHEA latest upstream, and netdump and netconsole support * ipr driver support for dual SAS RAID controllers * correct CPU cache info and SATA support for Intel Tolapai * i5000_edac support for Intel 5000 chipsets * i3000_edac support for Intel 3000 and 3010 chipsets * add i2c_piix4 module on 64-bit systems to support AMD ATI SB600, 700 and 800 * i2c-i801 support for Intel Tolapai * qla4xxx: 5.01.01-d2 to 5.01.02-d4-rhel4.7-00 * qla2xxx: 8.01.07-d4 to 8.01.07-d4-rhel4.7-02 * cciss: 2.6.16 to 2.6.20 * mptfusion: 3.02.99.00rh to 3.12.19.00rh * lpfc:0: 8.0.16.34 to 8.0.16.40 * megaraid_sas: 00.00.03.13 to 00.00.03.18-rh1 * stex: 3.0.0.1 to 3.6.0101.2 * arcmsr: 1.20.00.13 to 1.20.00.15.rh4u7 * aacraid: 1.1-5[2441] to 1.1.5[2455] Miscellaneous Updates: * OFED 1.3 support * wacom driver to add support for Cintiq 20WSX, Wacom Intuos3 12x19, 12x12 and 4x6 tablets * sata_svw driver to support Broadcom HT-1100 chipsets * libata to un-blacklist Hitachi drives to enable NCQ * ide driver allows command line option to disable ide drivers * psmouse support for cortps protocol These updated packages fix the following security issues : * NULL pointer access due to missing checks for terminal validity. (CVE-2008-2812, Moderate) * a security flaw was found in the Linux kernel Universal Disk Format file system. (CVE-2006-4145, Low) For further details, refer to the latest Red Hat Enterprise Linux 4.7 release notes: redhat.com/docs/manuals/enterprise
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 33581
    published 2008-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33581
    title RHEL 4 : kernel (RHSA-2008:0665)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080804_KERNEL_ON_SL5_X.NASL
    description These updated packages fix the following security issues : - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) - a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) - multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : - the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. - when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to '/dev/ttyS1' to hang. - a 50-75% drop in NFS server rewrite performance, compared to Red Hat Enterprise Linux 4.6, has been resolved. - due a bug in the fast userspace mutex code, while one thread fetched a pointer, another thread may have removed it, causing the first thread to fetch the wrong pointer, possibly causing a system crash. - on certain Hitachi hardware, removing the 'uhci_hcd' module caused a kernel oops, and the following error : BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr() Even after the 'uhci_hcd' module was reloaded, there was no access to USB devices. As well, on systems that have legacy interrupts, 'acpi_unregister_gsi' incorrectly called 'iosapci_unregister_intr()', causing warning messages to be logged. - when a page was mapped with mmap(), and 'PROT_WRITE' was the only 'prot' argument, the first read of that page caused a segmentation fault. If the page was read after it was written to, no fault occurred. This was incompatible with the Red Hat Enterprise Linux 4 behavior. - due to a NULL pointer dereference in powernowk8_init(), a panic may have occurred. - certain error conditions handled by the bonding sysfs interface could have left rtnl_lock() unbalanced, either by locking and returning without unlocking, or by unlocking when it did not lock, possibly causing a 'kernel: RTNL: assertion failed at net/core/fib_rules.c' error. - the kernel currently expects a maximum of six Machine Check Exception (MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may have caused the MCE to be incorrectly reported. - a race condition in UNIX domain sockets may have caused recv() to return zero. For clusters, this may have caused unexpected failovers. - msgrcv() frequently returned an incorrect 'ERESTARTNOHAND (514)' error number. - on certain Intel Itanium-based systems, when kdump was configured to halt the system after a dump operation, after the 'System halted.' output, the kernel continued to output endless 'soft lockup' messages.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60459
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60459
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-5700.NASL
    description The openSUSE 10.3 kernel was update to 2.6.22.19. This includes bugs and security fixes. CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service (crash) attack. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-3276: An integer overflow flaw was found in the Linux kernel dccp_setsockopt_change() function. An attacker may leverage this vulnerability to trigger a kernel panic on a victim's machine remotely. CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. CVE-2008-2826: A integer overflow in SCTP was fixed, which might have been used by remote attackers to crash the machine or potentially execute code. CVE-2008-2812: Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34457
    published 2008-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34457
    title openSUSE 10 Security Update : kernel (kernel-5700)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0973.NASL
    description Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues : * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) * a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : * the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update. * mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this. * lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r). All Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35186
    published 2008-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35186
    title CentOS 3 : kernel (CESA-2008:0973)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0973.NASL
    description Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues : * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) * a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : * the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update. * mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this. * lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r). All Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35190
    published 2008-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35190
    title RHEL 3 : kernel (RHSA-2008:0973)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-637-1.NASL
    description It was discovered that there were multiple NULL pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. (CVE-2008-2812) The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931) Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272) Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275) In certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing infinite loops in the writev syscall. This update corrects the mistake. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 34048
    published 2008-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34048
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-637-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KERNEL-080721.NASL
    description The openSUSE 11.0 kernel was updated to 2.6.25.11. It fixes following security problems: CVE-2008-2812: Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. No CVE yet: On x86_64 systems, a incorrect buffersize in LDT handling might lead to local untrusted attackers causing a crash of the machine or potentially execute code with kernel privileges. The update also has lots of other bugfixes that are listed in the RPM changelog.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40008
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40008
    title openSUSE Security Update : kernel (kernel-111)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0612.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : * the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. * when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to '/dev/ttyS1' to hang. * a 50-75% drop in NFS server rewrite performance, compared to Red Hat Enterprise Linux 4.6, has been resolved. * due a bug in the fast userspace mutex code, while one thread fetched a pointer, another thread may have removed it, causing the first thread to fetch the wrong pointer, possibly causing a system crash. * on certain Hitachi hardware, removing the 'uhci_hcd' module caused a kernel oops, and the following error : BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr() Even after the 'uhci_hcd' module was reloaded, there was no access to USB devices. As well, on systems that have legacy interrupts, 'acpi_unregister_gsi' incorrectly called 'iosapci_unregister_intr()', causing warning messages to be logged. * when a page was mapped with mmap(), and 'PROT_WRITE' was the only 'prot' argument, the first read of that page caused a segmentation fault. If the page was read after it was written to, no fault occurred. This was incompatible with the Red Hat Enterprise Linux 4 behavior. * due to a NULL pointer dereference in powernowk8_init(), a panic may have occurred. * certain error conditions handled by the bonding sysfs interface could have left rtnl_lock() unbalanced, either by locking and returning without unlocking, or by unlocking when it did not lock, possibly causing a 'kernel: RTNL: assertion failed at net/core/fib_rules.c' error. * the kernel currently expects a maximum of six Machine Check Exception (MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may have caused the MCE to be incorrectly reported. * a race condition in UNIX domain sockets may have caused recv() to return zero. For clusters, this may have caused unexpected failovers. * msgrcv() frequently returned an incorrect 'ERESTARTNOHAND (514)' error number. * on certain Intel Itanium-based systems, when kdump was configured to halt the system after a dump operation, after the 'System halted.' output, the kernel continued to output endless 'soft lockup' messages. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 33830
    published 2008-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33830
    title RHEL 5 : kernel (RHSA-2008:0612)
oval via4
  • accepted 2013-04-29T04:15:06.973-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
    family unix
    id oval:org.mitre.oval:def:11632
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
    version 24
  • accepted 2010-01-11T04:02:09.076-05:00
    class vulnerability
    contributors
    name Michael Wood
    organization Hewlett-Packard
    definition_extensions
    comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
    description The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
    family unix
    id oval:org.mitre.oval:def:6633
    status accepted
    submitted 2009-09-23T15:39:02.000-04:00
    title Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
    version 4
redhat via4
advisories
  • bugzilla
    id 456117
    title [REG][5.3] Soft lockup is detected
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612002
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612022
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099019
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612020
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099017
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612010
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993007
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612006
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993013
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612014
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099011
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612024
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099021
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612016
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099015
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612018
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099013
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612008
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099007
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-92.1.10.el5
          oval oval:com.redhat.rhsa:tst:20080612012
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099009
    rhsa
    id RHSA-2008:0612
    released 2008-08-04
    severity Important
    title RHSA-2008:0612: kernel security and bug fix update (Important)
  • bugzilla
    id 453419
    title CVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665002
        • comment kernel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689003
      • AND
        • comment kernel-devel is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665004
        • comment kernel-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689005
      • AND
        • comment kernel-doc is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665022
        • comment kernel-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689019
      • AND
        • comment kernel-hugemem is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665020
        • comment kernel-hugemem is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689017
      • AND
        • comment kernel-hugemem-devel is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665018
        • comment kernel-hugemem-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689015
      • AND
        • comment kernel-largesmp is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665014
        • comment kernel-largesmp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689013
      • AND
        • comment kernel-largesmp-devel is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665012
        • comment kernel-largesmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689009
      • AND
        • comment kernel-smp is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665008
        • comment kernel-smp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689011
      • AND
        • comment kernel-smp-devel is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665006
        • comment kernel-smp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689007
      • AND
        • comment kernel-xenU is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665016
        • comment kernel-xenU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488009
      • AND
        • comment kernel-xenU-devel is earlier than 0:2.6.9-78.EL
          oval oval:com.redhat.rhsa:tst:20080665010
        • comment kernel-xenU-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488011
    rhsa
    id RHSA-2008:0665
    released 2008-07-24
    severity Moderate
    title RHSA-2008:0665: Updated kernel packages for Red Hat Enterprise Linux 4.7 (Moderate)
  • rhsa
    id RHSA-2008:0973
rpms
  • kernel-0:2.6.18-92.1.10.el5
  • kernel-PAE-0:2.6.18-92.1.10.el5
  • kernel-PAE-devel-0:2.6.18-92.1.10.el5
  • kernel-debug-0:2.6.18-92.1.10.el5
  • kernel-debug-devel-0:2.6.18-92.1.10.el5
  • kernel-devel-0:2.6.18-92.1.10.el5
  • kernel-doc-0:2.6.18-92.1.10.el5
  • kernel-headers-0:2.6.18-92.1.10.el5
  • kernel-kdump-0:2.6.18-92.1.10.el5
  • kernel-kdump-devel-0:2.6.18-92.1.10.el5
  • kernel-xen-0:2.6.18-92.1.10.el5
  • kernel-xen-devel-0:2.6.18-92.1.10.el5
  • kernel-0:2.6.9-78.EL
  • kernel-devel-0:2.6.9-78.EL
  • kernel-doc-0:2.6.9-78.EL
  • kernel-hugemem-0:2.6.9-78.EL
  • kernel-hugemem-devel-0:2.6.9-78.EL
  • kernel-largesmp-0:2.6.9-78.EL
  • kernel-largesmp-devel-0:2.6.9-78.EL
  • kernel-smp-0:2.6.9-78.EL
  • kernel-smp-devel-0:2.6.9-78.EL
  • kernel-xenU-0:2.6.9-78.EL
  • kernel-xenU-devel-0:2.6.9-78.EL
  • kernel-0:2.4.21-58.EL
  • kernel-BOOT-0:2.4.21-58.EL
  • kernel-doc-0:2.4.21-58.EL
  • kernel-hugemem-0:2.4.21-58.EL
  • kernel-hugemem-unsupported-0:2.4.21-58.EL
  • kernel-smp-0:2.4.21-58.EL
  • kernel-smp-unsupported-0:2.4.21-58.EL
  • kernel-source-0:2.4.21-58.EL
  • kernel-unsupported-0:2.4.21-58.EL
refmap via4
bid 30076
confirm
debian DSA-1630
mlist [oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id
secunia
  • 30982
  • 31048
  • 31202
  • 31229
  • 31341
  • 31551
  • 31614
  • 31685
  • 32103
  • 32370
  • 32759
  • 33201
suse
  • SUSE-SA:2008:035
  • SUSE-SA:2008:037
  • SUSE-SA:2008:038
  • SUSE-SA:2008:047
  • SUSE-SA:2008:049
  • SUSE-SA:2008:052
  • SUSE-SR:2008:025
ubuntu USN-637-1
vupen ADV-2008-2063
xf kernel-tty-dos(43687)
Last major update 26-11-2012 - 22:47
Published 08-07-2008 - 20:41
Last modified 30-10-2018 - 12:25
Back to Top