Executive Summary
Summary | |
---|---|
Title | kernel security update |
Information | |||
---|---|---|---|
Name | RHSA-2006:0689 | First vendor Publication | 2006-10-05 |
Vendor | RedHat | Last vendor Modification | 2006-10-05 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

* a flaw in the SCTP support that allowed a local user to cause a denial of service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important)
* a flaw in the hugepage table support that allowed a local user to cause a denial of service (crash). (CVE-2005-4811, Important)
* a flaw in the mprotect system call that allowed setting write permission for a read-only attachment of shared memory. (CVE-2006-2071, Moderate)
* a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems that allowed a local user to cause a denial of service. (crash) (CVE-2006-4093, Moderate)
* a flaw in the perfmon support of Itanium systems that allowed a local user to cause a denial of service by consuming all file descriptors. (CVE-2006-3741, Moderate)
* a flaw in the ATM subsystem. On systems with installed ATM hardware and configured ATM support, a remote user could cause a denial of service (panic) by accessing socket buffers memory after freeing them. (CVE-2006-4997, Moderate)
* a flaw in the DVB subsystem. On systems with installed DVB hardware and configured DVB support, a remote user could cause a denial of service (panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low)
* an information leak in the network subsystem that possibly allowed a local user to read sensitive data from kernel memory. (CVE-2006-0039, Low)

In addition, two bugfixes for the IPW-2200 wireless driver were included. The first one ensures that wireless management applications correctly identify IPW-2200 controlled devices, while the second fix ensures that DHCP requests using the IPW-2200 operate correctly.

Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar Designer for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165345 - CVE-2005-4811 Hugepage crash on failing mmap()
190073 - CVE-2006-2071 mprotect gives write permission to a readonly attachment
191698 - CVE-2006-0039 netfilter do_add_counters race
198820 - IPW2200 /proc/net/wireless file fields are empty
201684 - CVE-2006-4093 Local DoS through uncleared HID0[31]
203421 - Grabbing DHCP address via wireless not always successful
204360 - CVE-2006-3741 sys_perfmonctl() file descriptor reference count issue
204460 - CVE-2006-4535 Regression with fix for SCTP abort issue
204912 - CVE-2006-4623 Wrong handling of DVB ULE SNDU with length of 0
206265 - CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0689.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-416 | Use After Free |
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10309 | |||
Oval ID: | oval:org.mitre.oval:def:10309 | ||
Title: | Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE. | ||
Description: | Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0039 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10388 | |||
Oval ID: | oval:org.mitre.oval:def:10388 | ||
Title: | The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | ||
Description: | The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4997 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10530 | |||
Oval ID: | oval:org.mitre.oval:def:10530 | ||
Title: | The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch. | ||
Description: | The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4535 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10666 | |||
Oval ID: | oval:org.mitre.oval:def:10666 | ||
Title: | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | ||
Description: | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4093 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10976 | |||
Oval ID: | oval:org.mitre.oval:def:10976 | ||
Title: | The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. | ||
Description: | The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-4811 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11250 | |||
Oval ID: | oval:org.mitre.oval:def:11250 | ||
Title: | The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption). | ||
Description: | The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3741 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9775 | |||
Oval ID: | oval:org.mitre.oval:def:9775 | ||
Title: | The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. | ||
Description: | The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4623 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9978 | |||
Oval ID: | oval:org.mitre.oval:def:9978 | ||
Title: | Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. | ||
Description: | Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2071 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012650.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5019905.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:012 (kernel) File : nvt/gb_mandriva_MDKSA_2007_012.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.15 vulnerability USN-489-1 File : nvt/gb_ubuntu_USN_489_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1097-1 (kernel-source-2.4.27) File : nvt/deb_1097_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1103-1 (kernel-source-2.6.8) File : nvt/deb_1103_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1183-1 (kernel-source-2.4.27) File : nvt/deb_1183_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1184-1 (kernel-source-2.6.8) File : nvt/deb_1184_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1184-2 (kernel-source-2.6.8) File : nvt/deb_1184_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1233-1 (kernel-source-2.6.8) File : nvt/deb_1233_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27) File : nvt/deb_1237_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1304-1 (kernel-source-2.6.8) File : nvt/deb_1304_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29540 | Linux Kernel hugepage unmap_hugepage_area() Function Local DoS |
29539 | Linux Kernel clip_mkip() Function Unspecified Remote DoS |
29538 | Linux Kernel sys_perfmonctl() File Descriptor Consumption Local DoS |
28937 | Linux Kernel SCTP Socket Crafted SO_LINGER Value DoS |
28718 | Linux Kernel ULE Processing Malformed SNDU Value DoS |
28034 | Linux Kernel Uncleared HID0[31] Bit DoS |
25697 | Linux Kernel Netfilter do_add_counters() Function Local Memory Disclosure The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because of a race condition in the Linux netfilter code. The 'do_add_counters()' function in 'net/ipv4/netfilter/arp_tables.c' and 'net/ipv6/netfilter/arp_tables.c' lacks a check for a parameter that might allow 'IPT_ENTRY_ITERATE()' to read beyond its intended boundaries, potentially accessing sensitive kernel memory and hence resulting in a loss of confidentiality. |
25139 | Linux Kernel mprotect() Function Memory Manipulation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2096.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-debug-2393.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2097.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-bigsmp-2399.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-489-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-395-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-347-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-346-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-311-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-302-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2397.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2099.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1304.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-012.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-197.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-182.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_057.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0013.nasl - Type : ACT_GATHER_INFO |
2006-12-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1237.nasl - Type : ACT_GATHER_INFO |
2006-12-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1233.nasl - Type : ACT_GATHER_INFO |
2006-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1184.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1183.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1103.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1097.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO |
2006-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0579.nasl - Type : ACT_GATHER_INFO |
2006-05-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-086.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:50:15 |
|