Executive Summary
Summary | |
---|---|
Title | kernel security update |
Informations | |||
---|---|---|---|
Name | RHSA-2006:0140 | First vendor Publication | 2006-01-19 |
Vendor | RedHat | Last vendor Modification | 2006-01-19 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below: - - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - - a flaw in remap_page_range() with O_DIRECT writes that allowed a local user to cause a denial of service (crash) (CVE-2004-1057, important) - - a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708, important) - - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum. 4. Solution: Before applying this update, make sure that all previously released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 137820 - CVE-2004-1057 VM_IO refcount issue 161925 - CVE-2005-2708 user code panics kernel in exec.c 168661 - CVE-2005-3044 lost fput could lead to DoS 168925 - CVE-2005-2709 More sysctl flaws 170278 - CVE-2005-3180 orinoco driver information leakage 170774 - CVE-2005-2973 ipv6 infinite loop 171386 - CVE-2005-3275 NAT DoS 174082 - CVE-2005-3806 ipv6 DOS 174338 - CVE-2005-3857 lease printk DoS 174344 - CVE-2005-3858 ip6_input_finish DoS 174347 - CVE-2005-3848 dst_entry leak DoS 174808 - CVE-2002-2185 IGMP DoS |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0140.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10142 | |||
Oval ID: | oval:org.mitre.oval:def:10142 | ||
Title: | The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. | ||
Description: | The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3275 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10649 | |||
Oval ID: | oval:org.mitre.oval:def:10649 | ||
Title: | The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command. | ||
Description: | The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2708 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10736 | |||
Oval ID: | oval:org.mitre.oval:def:10736 | ||
Title: | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | ||
Description: | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-2185 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10746 | |||
Oval ID: | oval:org.mitre.oval:def:10746 | ||
Title: | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | ||
Description: | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2709 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11332 | |||
Oval ID: | oval:org.mitre.oval:def:11332 | ||
Title: | The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | ||
Description: | The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3180 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11346 | |||
Oval ID: | oval:org.mitre.oval:def:11346 | ||
Title: | Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply." | ||
Description: | Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3848 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11474 | |||
Oval ID: | oval:org.mitre.oval:def:11474 | ||
Title: | Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | ||
Description: | Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1057 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9396 | |||
Oval ID: | oval:org.mitre.oval:def:9396 | ||
Title: | Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. | ||
Description: | Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3858 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9561 | |||
Oval ID: | oval:org.mitre.oval:def:9561 | ||
Title: | Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. | ||
Description: | Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3044 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9727 | |||
Oval ID: | oval:org.mitre.oval:def:9727 | ||
Title: | The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. | ||
Description: | The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3857 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9903 | |||
Oval ID: | oval:org.mitre.oval:def:9903 | ||
Title: | The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. | ||
Description: | The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3806 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2005-11-09 | Linux Kernel 2.6.x Sysctl Unregistration Local Denial of Service Vulnerability |
2005-10-20 | Linux Kernel 2.6.x IPV6 Local Denial of Service Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010939.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27) File : nvt/deb_1018_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27) File : nvt/deb_1018_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 921-1 (kernel-source-2.4.27) File : nvt/deb_921_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22668 | Linux Kernel search_binary_handler() Function Local DoS |
22509 | IGMP Spoofed Membership Report DoS |
22507 | Linux Kernel ip6_input_finish Function Crafted IPv6 Packet DoS |
22506 | Linux Kernel icmp_push_reply Function Crafted Packet Remote DoS |
21516 | Linux Kernel IPv6 Flow Label Handling Local DoS |
21285 | Linux Kernel time_out_leases Function Broken Lease Saturation Local DoS |
21279 | Linux Kernel Double Packet NAT Remote DoS |
20676 | Linux Kernel sysctl Interface Unregistration Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered due to an error in sysctl's handling of interface unregistrations, and will result in loss of availability for the service. |
20163 | Linux Kernel IPv6 udp_v6_get_port() Function Local DoS Linux contains a flaw that may allow a local denial of service. The issue is due to an infinite loop error in the "udp_v6_get_port()" function in "net/ipv6/udp.c", and will result in loss of availability. |
19925 | Linux Kernel Orinoco Driver Remote Memory Segment Disclosure |
19598 | Linux Kernel tiocgdev() Reference Counter Overrun Local DoS |
19597 | Linux Kernel on 64bit routing_ioctl() Reference Counter Overrun Local DoS |
13897 | Linux kernel VM_IO DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-219-1.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-921.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0140.nasl - Type : ACT_GATHER_INFO |
2006-05-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-059.nasl - Type : ACT_GATHER_INFO |
2006-02-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-040.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
2006-01-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-018.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-231-1.nasl - Type : ACT_GATHER_INFO |
2006-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0140.nasl - Type : ACT_GATHER_INFO |
2006-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-187-1.nasl - Type : ACT_GATHER_INFO |
2005-12-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_068.nasl - Type : ACT_GATHER_INFO |
2005-12-08 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_067.nasl - Type : ACT_GATHER_INFO |
2005-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1013.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1007.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2005-01-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-022.nasl - Type : ACT_GATHER_INFO |
2005-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-016.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:52 |
|