Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities - Nessus
Critical Plugin ID: 15149This page contains detailed information about the Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.
Plugin Overview
ID: 15149
Name: Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
Filename: debian_DSA-312.nasl
Vulnerability Published: 2003-06-03
This Plugin Published: 2004-09-29
Last Modification Time: 2021-01-04
Plugin Version: 1.26
Plugin Type: local
Plugin Family: Debian Local Security Checks
Dependencies:
ssh_get_info.nasl
Required KB Items [?]: Host/Debian/dpkg-l, Host/Debian/release, Host/local_checks_enabled
Vulnerability Information
Severity: Critical
Vulnerability Published: 2003-06-03
Patch Published: 2003-06-09
CVE [?]: CVE-2002-0429, CVE-2003-0001, CVE-2003-0127, CVE-2003-0244, CVE-2003-0246, CVE-2003-0247, CVE-2003-0248, CVE-2003-0364
CPE [?]: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:kernel-patch-2.4.18-powerpc
Exploited by Malware: True
Synopsis
The remote Debian host is missing a security-related update.
Description
A number of vulnerabilities have been discovered in the Linux kernel.
CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).
CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.
CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.
CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops').
CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
This advisory covers only the powerpc architecture. Other architectures will be covered by separate advisories.
Solution
For the stable distribution (woody) on the powerpc architecture, these problems have been fixed in version 2.4.18-1woody1.
We recommend that you update your kernel packages.
NOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.
Public Exploits
Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (Exploit-DB, GitHub)
Exploit Ease: Exploits are available
Here's the list of publicly known exploits and PoCs for verifying the Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities vulnerability:
- Exploit-DB: exploits/hardware/dos/26076.py
[EDB-26076: Cisco ASA < 8.4.4.6 < 8.2.5.32 - Ethernet Information Leak] - Exploit-DB: exploits/multiple/remote/3555.pl
[EDB-3555: Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage] - Exploit-DB: exploits/bsd/remote/22131.pl
[EDB-22131: Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure] - GitHub: https://github.com/hackerhouse-opensource/exploits
[CVE-2003-0001] - GitHub: https://github.com/3sc4p3/oscp-notes
[CVE-2003-0127] - GitHub: https://github.com/DotSight7/Cheatsheet
[CVE-2003-0127] - GitHub: https://github.com/Drift-Security/Shadow_Brokers-Vs-NSA
[CVE-2003-0127] - GitHub: https://github.com/R3K1NG/ShadowBrokersFiles
[CVE-2003-0127] - GitHub: https://github.com/Snoopy-Sec/Localroot-ALL-CVE
[CVE-2003-0127] - GitHub: https://github.com/alizain51/OSCP-Notes-ALL-CREDITS-TO-OPTIXAL-
[CVE-2003-0127] - GitHub: https://github.com/antiscammerarmy/ShadowBrokersFiles
[CVE-2003-0127] - GitHub: https://github.com/bl4ck4t/Tools
[CVE-2003-0127] - GitHub: https://github.com/cipherreborn/SB--.-HACK-the-EQGRP-1
[CVE-2003-0127] - GitHub: https://github.com/cpardue/OSCP-PWK-Notes-Public
[CVE-2003-0127] - GitHub: https://github.com/happysmack/x0rzEQGRP
[CVE-2003-0127] - GitHub: https://github.com/kongjiexi/leaked2
[CVE-2003-0127] - GitHub: https://github.com/maxcvnd/bdhglopoj
[CVE-2003-0127] - GitHub: https://github.com/r3p3r/x0rz-EQGRP
[CVE-2003-0127] - GitHub: https://github.com/shakenetwork/shadowbrokerstuff
[CVE-2003-0127] - GitHub: https://github.com/sphinxs329/OSCP-PWK-Notes-Public
[CVE-2003-0127] - GitHub: https://github.com/thePevertedSpartan/EQ1
[CVE-2003-0127] - GitHub: https://github.com/thetrentusdev/shadowbrokerstuff
[CVE-2003-0127] - GitHub: https://github.com/thetrentus/ShadowBrokersStuff
[CVE-2003-0127] - GitHub: https://github.com/wuvuw/EQGR
[CVE-2003-0127] - GitHub: https://github.com/x0rz/EQGRP
[CVE-2003-0127] - GitHub: https://github.com/xcsrf/OSCP-PWK-Notes-Public
[CVE-2003-0127]
Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.
WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.
Risk Information
CVSS V2 Vector [?]: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
| CVSS Base Score: | 10.0 (High) |
| Impact Subscore: | 10.0 |
| Exploitability Subscore: | 10.0 |
| CVSS Temporal Score: | 8.7 (High) |
| CVSS Environmental Score: | NA (None) |
| Modified Impact Subscore: | NA |
| Overall CVSS Score: | 8.7 (High) |
Go back to menu.
Plugin Source
This is the debian_DSA-312.nasl nessus plugin source code. This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-312. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(15149);
script_version("1.26");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0127", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364");
script_bugtraq_id(6535, 7112, 7600, 7601, 7791, 7793, 7797);
script_xref(name:"DSA", value:"312");
script_name(english:"Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"A number of vulnerabilities have been discovered in the Linux kernel.
CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux
kernels 2.4.18 and earlier on x86 systems allow local users to kill
arbitrary processes via a binary compatibility interface (lcall).
CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
drivers do not pad frames with null bytes, which allows remote
attackers to obtain information from previous packets or kernel memory
by using malformed packets.
CAN-2003-0127: The kernel module loader allows local users to gain
root privileges by using ptrace to attach to a child process that is
spawned by the kernel.
CAN-2003-0244: The route cache implementation in Linux 2.4, and the
Netfilter IP conntrack module, allows remote attackers to cause a
denial of service (CPU consumption) via packets with forged source
addresses that cause a large number of hash table collisions related
to the PREROUTING chain.
CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and
earlier does not properly restrict privileges, which allows local
users to gain read or write access to certain I/O ports.
CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4
allows attackers to cause a denial of service ('kernel oops').
CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to
modify CPU state registers via a malformed address.
CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux
kernel 2.4 allows remote attackers to cause a denial of service (CPU
consumption) via certain packets that cause a large number of hash
table collisions.
This advisory covers only the powerpc architecture. Other
architectures will be covered by separate advisories."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2003/dsa-312"
);
script_set_attribute(
attribute:"solution",
value:
"For the stable distribution (woody) on the powerpc architecture, these
problems have been fixed in version 2.4.18-1woody1.
We recommend that you update your kernel packages.
NOTE: A system reboot will be required immediately after the upgrade
in order to replace the running kernel. Remember to read carefully and
follow the instructions given during the kernel upgrade process."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.18-powerpc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"patch_publication_date", value:"2003/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/03");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18", reference:"2.4.18-1woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-newpmac", reference:"2.4.18-1woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc", reference:"2.4.18-1woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-smp", reference:"2.4.18-1woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.18-powerpc", reference:"2.4.18-1woody1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
The latest version of this script can be found in these locations depending on your platform:
- Linux / Unix:
/opt/nessus/lib/nessus/plugins/debian_DSA-312.nasl - Windows:
C:\ProgramData\Tenable\Nessus\nessus\plugins\debian_DSA-312.nasl - Mac OS X:
/Library/Nessus/run/lib/nessus/plugins/debian_DSA-312.nasl
Go back to menu.
How to Run
Here is how to run the Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities as a standalone plugin via the Nessus web user interface (https://localhost:8834/):
- Click to start a New Scan.
- Select Advanced Scan.
- Navigate to the Plugins tab.
- On the top right corner click to Disable All plugins.
- On the left side table select Debian Local Security Checks plugin family.
- On the right side table select Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities plugin ID 15149.
- Specify the target on the Settings tab and click to Save the scan.
- Run the scan.
Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.
Basic usage:
/opt/nessus/bin/nasl debian_DSA-312.nasl -t <IP/HOST>Run the plugin with audit trail message on the console:
/opt/nessus/bin/nasl -a debian_DSA-312.nasl -t <IP/HOST>Run the plugin with trace script execution written to the console (useful for debugging):
/opt/nessus/bin/nasl -T - debian_DSA-312.nasl -t <IP/HOST>Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):
/opt/nessus/bin/nasl -K /tmp/state debian_DSA-312.nasl -t <IP/HOST>Go back to menu.
References
BID | SecurityFocus Bugtraq ID: DSA | Debian Security Advisory: See also:
- https://www.tenable.com/plugins/nessus/15149
- http://www.debian.org/security/2003/dsa-312
- https://vulners.com/nessus/DEBIAN_DSA-312.NASL
- 15107 - Debian DSA-270-1 : linux-kernel-mips - local privilege escalation
- 15113 - Debian DSA-276-1 : linux-kernel-s390 - local privilege escalation
- 15148 - Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities
- 15169 - Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities
- 15173 - Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities
- 15260 - Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities
- 15279 - Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities
- 15332 - Debian DSA-495-1 : linux-kernel-2.4.16-arm - several vulnerabilities
- 11197 - Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
- 16670 - HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
- 17417 - HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
- 16926 - HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
- 17420 - HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
- 68912 - Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)
- 14022 - Mandrake Linux Security Advisory : kernel (MDKSA-2003:038-1)
- 14023 - Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)
- 14049 - Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)
- 14057 - Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)
- 12381 - RHEL 2.1 : kernel (RHSA-2003:103)
- 107944 - Solaris 10 (x86) : 125907-02
- 69906 - Solaris 10 (x86) : 125907-02 (deprecated)
- 80936 - Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0
- 13791 - SUSE-SA:2003:021: kernel
Version
This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file debian_DSA-312.nasl version 1.26. For more plugins, visit the Nessus Plugin Library.
Go back to menu.
