7.8 - RHSA-2006:0580

Executive Summary

Summary
Title	kernel security update

Informations
Name	RHSA-2006:0580	First vendor Publication	2006-07-13
Vendor	RedHat	Last vendor Modification	2006-07-13
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (64 bit architectures)

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64 Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

* a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate)

* a flaw in ROSE due to missing verification of the ndigis argument of new routes (CVE-2005-3273, moderate)

* a minor info leak in socket name handling in the network code (CVE-2006-1342, low)

* a minor info leak in socket option handling in the network code (CVE-2006-1343, low)

* a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1864, moderate)

* a flaw in the mprotect system call that allowed to give write permission to a readonly attachment of shared memory (CVE-2006-2071, moderate)

* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, moderate)

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to these updated packages, which contain backported fixes to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155363 - CVE-2005-3273 ROSE ndigis verification 169263 - CVE-2005-3055 async usb devio oops (ipf) 186247 - CVE-2006-1342 Small information leak in SO_ORIGINAL_DST and getname() (CVE-2006-1343) 189439 - CVE-2006-1864 smbfs chroot issue 190077 - CVE-2006-2071 mprotect gives write permission to a readonly attachment 192634 - CVE-2006-2444 SNMP NAT netfilter memory corruption

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2006-0580.html

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-264	Permissions, Privileges, and Access Controls
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10875

Oval ID:	oval:org.mitre.oval:def:10875
Title:	net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
Description:	net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-1343	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-47.EL AND kernel-unsupported is earlier than 0:2.4.21-47.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-47.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-47.EL AND kernel-hugemem is earlier than 0:2.4.21-47.EL AND kernel is earlier than 0:2.4.21-47.EL AND kernel-source is earlier than 0:2.4.21-47.EL AND kernel-doc is earlier than 0:2.4.21-47.EL AND kernel-smp is earlier than 0:2.4.21-47.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-hugemem is earlier than 0:2.6.9-42.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-42.EL AND kernel-smp-devel is earlier than 0:2.6.9-42.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-42.EL AND kernel is earlier than 0:2.6.9-42.EL AND kernel-devel is earlier than 0:2.6.9-42.EL AND kernel-doc is earlier than 0:2.6.9-42.EL AND kernel-largesmp is earlier than 0:2.6.9-42.EL AND kernel-smp is earlier than 0:2.6.9-42.EL

Definition Id: oval:org.mitre.oval:def:11318

Oval ID:	oval:org.mitre.oval:def:11318
Title:	The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
Description:	The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2444	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-47.EL AND kernel-unsupported is earlier than 0:2.4.21-47.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-47.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-47.EL AND kernel-hugemem is earlier than 0:2.4.21-47.EL AND kernel is earlier than 0:2.4.21-47.EL AND kernel-source is earlier than 0:2.4.21-47.EL AND kernel-doc is earlier than 0:2.4.21-47.EL AND kernel-smp is earlier than 0:2.4.21-47.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-hugemem is earlier than 0:2.6.9-42.0.2.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-42.0.2.EL AND kernel-smp-devel is earlier than 0:2.6.9-42.0.2.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-42.0.2.EL AND kernel is earlier than 0:2.6.9-42.0.2.EL AND kernel-devel is earlier than 0:2.6.9-42.0.2.EL AND kernel-doc is earlier than 0:2.6.9-42.0.2.EL AND kernel-largesmp is earlier than 0:2.6.9-42.0.2.EL AND kernel-smp is earlier than 0:2.6.9-42.0.2.EL

Definition Id: oval:org.mitre.oval:def:11327

Oval ID:	oval:org.mitre.oval:def:11327
Title:	Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
Description:	Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-1864	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-47.0.1.EL AND kernel-unsupported is earlier than 0:2.4.21-47.0.1.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-47.0.1.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-47.0.1.EL AND kernel-hugemem is earlier than 0:2.4.21-47.0.1.EL AND kernel is earlier than 0:2.4.21-47.0.1.EL AND kernel-source is earlier than 0:2.4.21-47.0.1.EL AND kernel-doc is earlier than 0:2.4.21-47.0.1.EL AND kernel-smp is earlier than 0:2.4.21-47.0.1.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-hugemem is earlier than 0:2.6.9-34.0.1.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-34.0.1.EL AND kernel-smp-devel is earlier than 0:2.6.9-34.0.1.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-34.0.1.EL AND kernel is earlier than 0:2.6.9-34.0.1.EL AND kernel-devel is earlier than 0:2.6.9-34.0.1.EL AND kernel-doc is earlier than 0:2.6.9-34.0.1.EL AND kernel-largesmp is earlier than 0:2.6.9-34.0.1.EL AND kernel-smp is earlier than 0:2.6.9-34.0.1.EL

Definition Id: oval:org.mitre.oval:def:9472

Oval ID:	oval:org.mitre.oval:def:9472
Title:	Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
Description:	Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-3055	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-47.EL AND kernel-unsupported is earlier than 0:2.4.21-47.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-47.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-47.EL AND kernel-hugemem is earlier than 0:2.4.21-47.EL AND kernel is earlier than 0:2.4.21-47.EL AND kernel-source is earlier than 0:2.4.21-47.EL AND kernel-doc is earlier than 0:2.4.21-47.EL AND kernel-smp is earlier than 0:2.4.21-47.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-hugemem is earlier than 0:2.6.9-42.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-42.EL AND kernel-smp-devel is earlier than 0:2.6.9-42.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-42.EL AND kernel is earlier than 0:2.6.9-42.EL AND kernel-devel is earlier than 0:2.6.9-42.EL AND kernel-doc is earlier than 0:2.6.9-42.EL AND kernel-largesmp is earlier than 0:2.6.9-42.EL AND kernel-smp is earlier than 0:2.6.9-42.EL

Definition Id: oval:org.mitre.oval:def:9552

Oval ID:	oval:org.mitre.oval:def:9552
Title:	The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
Description:	The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-3273	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-37.EL AND kernel-unsupported is earlier than 0:2.4.21-37.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-37.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-37.EL AND kernel-hugemem is earlier than 0:2.4.21-37.EL AND kernel is earlier than 0:2.4.21-37.EL AND kernel-source is earlier than 0:2.4.21-37.EL AND kernel-doc is earlier than 0:2.4.21-37.EL AND kernel-smp is earlier than 0:2.4.21-37.EL

Definition Id: oval:org.mitre.oval:def:9978

Oval ID:	oval:org.mitre.oval:def:9978
Title:	Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
Description:	Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2071	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-47.0.1.EL AND kernel-unsupported is earlier than 0:2.4.21-47.0.1.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-47.0.1.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-47.0.1.EL AND kernel-hugemem is earlier than 0:2.4.21-47.0.1.EL AND kernel is earlier than 0:2.4.21-47.0.1.EL AND kernel-source is earlier than 0:2.4.21-47.0.1.EL AND kernel-doc is earlier than 0:2.4.21-47.0.1.EL AND kernel-smp is earlier than 0:2.4.21-47.0.1.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-hugemem is earlier than 0:2.6.9-42.0.3.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-42.0.3.EL AND kernel-smp-devel is earlier than 0:2.6.9-42.0.3.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-42.0.3.EL AND kernel is earlier than 0:2.6.9-42.0.3.EL AND kernel-devel is earlier than 0:2.6.9-42.0.3.EL AND kernel-doc is earlier than 0:2.6.9-42.0.3.EL AND kernel-largesmp is earlier than 0:2.6.9-42.0.3.EL AND kernel-smp is earlier than 0:2.6.9-42.0.3.EL

CPE : Common Platform Enumeration

Type	Description	Count
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:3.1:::::::*	1
Os	Linux Linux Kernel cpe:2.3:o:linux:linux_kernel:2.6.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.9:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.9:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20:::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power4::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64_k8::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::686::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::powerpc::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power3_smp::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::k7::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64_k8_smp::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::686_smp::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::amd64_xeon::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::k7_smp::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::386::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::powerpc_smp::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power4_smp::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1.5::power3::::: cpe:2.3:o:linux:linux_kernel:2.6.8.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.7:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.7:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.7:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.5:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.5:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.5:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.5:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.4:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.4:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.4:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.2:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.16.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.16:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16_rc7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.16:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.15.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.15:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.15:rc7:::::: cpe:2.3:o:linux:linux_kernel:2.6.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.15:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.14.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.13.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.12.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.11.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11_rc1_bk6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.11::x86_64::::: cpe:2.3:o:linux:linux_kernel:2.6.10:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.10:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test2:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test1:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test11:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test6:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test4:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test8:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test10:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test9:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test5:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test7:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test3:::::: cpe:2.3:o:linux:linux_kernel:2.6.0::64-bit_x86::::: cpe:2.3:o:linux:linux_kernel:2.6.0::itanium_ia64_montecito::::: cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::* cpe:2.3:o:linux:linux_kernel:2.4.9:::::::* cpe:2.3:o:linux:linux_kernel:2.4.8:::::::* cpe:2.3:o:linux:linux_kernel:2.4.7:::::::* cpe:2.3:o:linux:linux_kernel:2.4.6:::::::* cpe:2.3:o:linux:linux_kernel:2.4.5:::::::* cpe:2.3:o:linux:linux_kernel:2.4.4:::::::* cpe:2.3:o:linux:linux_kernel:2.4.33:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.32:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.32:pre2:::::: cpe:2.3:o:linux:linux_kernel:2.4.32:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.31:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.31:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.30:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.4.30:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.4.30:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.3:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.29:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.4.29:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.29:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.4.28:::::::* cpe:2.3:o:linux:linux_kernel:2.4.27:pre4:::::: cpe:2.3:o:linux:linux_kernel:2.4.27:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.27:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.27:pre2:::::: cpe:2.3:o:linux:linux_kernel:2.4.27:pre5:::::: cpe:2.3:o:linux:linux_kernel:2.4.27:pre3:::::: cpe:2.3:o:linux:linux_kernel:2.4.26:::::::* cpe:2.3:o:linux:linux_kernel:2.4.25:::::::* cpe:2.3:o:linux:linux_kernel:2.4.24_ow1:::::::* cpe:2.3:o:linux:linux_kernel:2.4.24:::::::* cpe:2.3:o:linux:linux_kernel:2.4.23_ow2:::::::* cpe:2.3:o:linux:linux_kernel:2.4.23:pre9:::::: cpe:2.3:o:linux:linux_kernel:2.4.23:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.22:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:::::: cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:::::: cpe:2.3:o:linux:linux_kernel:2.4.21:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.20:::::::* cpe:2.3:o:linux:linux_kernel:2.4.2:::::::* cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:::::: cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:::::: cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:::::: cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:::::: cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:::::: cpe:2.3:o:linux:linux_kernel:2.4.19:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:::::: cpe:2.3:o:linux:linux_kernel:2.4.18::x86::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:::::: cpe:2.3:o:linux:linux_kernel:2.4.17:::::::* cpe:2.3:o:linux:linux_kernel:2.4.16:::::::* cpe:2.3:o:linux:linux_kernel:2.4.15:::::::* cpe:2.3:o:linux:linux_kernel:2.4.14:::::::* cpe:2.3:o:linux:linux_kernel:2.4.13:::::::* cpe:2.3:o:linux:linux_kernel:2.4.12:::::::* cpe:2.3:o:linux:linux_kernel:2.4.11:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.10:::::::* cpe:2.3:o:linux:linux_kernel:2.4.1:::::::* cpe:2.3:o:linux:linux_kernel:2.4.0:-:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test3:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test8:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test10:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test1:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test12:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test2:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test4:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test6:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test7:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test9:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test11:::::: cpe:2.3:o:linux:linux_kernel:2.4.0:test5::::::	251

ExploitDB Exploits

id	Description
2006-06-05	Linux Kernel < 2.6.16.18 - (Netfilter NAT SNMP Module) Remote DoS Exploit

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl
2009-10-10	Name : SLES9: Security update for Linux kernel File : nvt/sles9p5020521.nasl
2008-01-17	Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1097-1 (kernel-source-2.4.27) File : nvt/deb_1097_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1103-1 (kernel-source-2.6.8) File : nvt/deb_1103_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1183-1 (kernel-source-2.4.27) File : nvt/deb_1183_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1184-1 (kernel-source-2.6.8) File : nvt/deb_1184_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1184-2 (kernel-source-2.6.8) File : nvt/deb_1184_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
29841	Linux Kernel net/ipv4/netfilter/ IPv4 Socket Name Return Arbitrary Memory Dis... The Linux kernel contains a flaw that may lead to local memory disclosure. The issue is due to net/ipv4/netfilter/ip_conntrack_core.c, net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c and net/ipv4/af_inet.c not properly clearing the 'sockaddr_in.sin_zero' struct. The resulting 6 byte leak to userspace occurs when returning IPv4 socket names from getsockopt(), getpeername(), accept() and getsockname() functions. This could allow a local attacker to possibly obtain sensitive information.
25750	Linux Kernel SNMP NAT Helper snmp_trap_decode() Function DoS The Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered when the 'ip_nat_snmp_basic' module is loaded and NAT is performed on ports 161 or 162. The 'snmp_trap_decode()' function is the cause for potential multiple freeing of memory, which will result in memory corruption and hence loss of availability for the platform.
25139	Linux Kernel mprotect() Function Memory Manipulation
25067	Linux Kernel SMBFS SMB Mount Traversal chroot Restriction Bypass The Linux Kernel contains a flaw that may allow a malicious user to escape a chroot environment. The issue is triggered when a user attempts to change to a working directory outside a chroot environment in a SMBFS file system using a double backslash, e.g. 'cd ..\\'. It is possible that the flaw may allow unauthorised access to file system resources, resulting in a loss of confidentiality and/or integrity.
24071	Linux Kernel IPv4 sockaddr_in.sin_zero Local Information Disclosure
19702	Linux Kernel USB Malformed URB Local DoS
14864	Linux Kernel ROSE rose_rt_ioctl Function ndigis Argument Error

Snort® IPS/IDS

Date	Description
2014-01-10	Linux Kernel SNMP Netfilter Memory Corruption attempt RuleID : 17738 - Revision : 8 - Type : SERVER-OTHER
2014-01-10	Linux Kernel snmp nat netfilter memory corruption attempt RuleID : 13773 - Revision : 8 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2013-03-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-219-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-302-1.nasl - Type : ACT_GATHER_INFO
2007-01-17	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-517.nasl - Type : ACT_GATHER_INFO
2006-12-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-151.nasl - Type : ACT_GATHER_INFO
2006-10-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1097.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1103.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1183.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1184.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO
2006-10-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO
2006-10-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO
2006-08-30	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO
2006-08-30	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2006-08-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2006-08-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO
2006-07-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO
2006-07-18	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-123.nasl - Type : ACT_GATHER_INFO
2006-07-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0579.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO
2006-05-27	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-087.nasl - Type : ACT_GATHER_INFO
2006-05-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO
2006-05-19	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-086.nasl - Type : ACT_GATHER_INFO
2006-05-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-281-1.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO
2005-12-08	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_067.nasl - Type : ACT_GATHER_INFO
2005-10-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	6
CPE ID(s)	252
osvdb(s)	7
ExploitDB Exploit(s)	1
Openvas Exploit(s)	9
Snort® Rule(s)	2
Nessus® Exploit(s)	34

	Related
7.8	CVE-2006-2444
5	CVE-2005-3273
4.6	CVE-2006-1864
2.1	CVE-2006-2071
2.1	CVE-2006-1343
2.1	CVE-2006-1342
2.1	CVE-2005-3055
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)