The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
{"ubuntucve": [{"lastseen": "2021-11-22T21:52:19", "description": "The security_context_to_sid_core function in security/selinux/ss/services.c\nin the Linux kernel before 3.13.4 allows local users to cause a denial of\nservice (system crash) by leveraging the CAP_MAC_ADMIN capability to set a\nzero-length security context.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1874>\n * <https://launchpad.net/bugs/1279985>\n", "cvss3": {}, "published": "2014-02-07T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1874", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1874"], "modified": "2014-02-07T00:00:00", "id": "UB:CVE-2014-1874", "href": "https://ubuntu.com/security/CVE-2014-1874", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:28:22", "description": "The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.", "cvss3": {}, "published": "2014-02-28T06:18:00", "type": "cve", "title": "CVE-2014-1874", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1874"], "modified": "2020-08-26T13:33:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "CVE-2014-1874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1874", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T12:51:05", "description": "The 3.13.3 stable update contains a number of important fixes across the tree. The 3.13.2 rebase contains support for additional hardware, some new features and a number of important bug fixes across the tree.\nFixes CVE-2014-0069 cifs: incorrect handling of bogus user pointers\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-18T00:00:00", "type": "nessus", "title": "Fedora 20 : kernel-3.13.3-201.fc20 (2014-2576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0069", "CVE-2014-1874"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-2576.NASL", "href": "https://www.tenable.com/plugins/nessus/72546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2576.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72546);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0069\", \"CVE-2014-1874\");\n script_bugtraq_id(65459, 65588);\n script_xref(name:\"FEDORA\", value:\"2014-2576\");\n\n script_name(english:\"Fedora 20 : kernel-3.13.3-201.fc20 (2014-2576)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.13.3 stable update contains a number of important fixes across\nthe tree. The 3.13.2 rebase contains support for additional hardware,\nsome new features and a number of important bug fixes across the tree.\nFixes CVE-2014-0069 cifs: incorrect handling of bogus user pointers\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1064253\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea5482b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.13.3-201.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:57", "description": "An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC connection(/dcc) via a NAT-ed network.\n(CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. 
A local user with write access to an NFS share could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-2038).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-10T00:00:00", "type": "nessus", "title": "Ubuntu 13.10 : linux vulnerabilities (USN-2140-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1690", "CVE-2014-1874", "CVE-2014-2038"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "UBUNTU_USN-2140-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2140-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72902);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n script_bugtraq_id(65180, 65688);\n script_xref(name:\"USN\", value:\"2140-1\");\n\n script_name(english:\"Ubuntu 13.10 : linux vulnerabilities (USN-2140-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the Linux kernel when built with\nthe NetFilter Connection Tracking (NF_CONNTRACK) support for IRC\nprotocol (NF_NAT_IRC). A remote attacker could exploit this flaw to\nobtain potentially sensitive kernel information when communicating\nover a client- to-client IRC connection(/dcc) via a NAT-ed network.\n(CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS\nfilesystem. A local users with write access to an NFS share could\nexploit this flaw to obtain potential sensative information from\nkernel memory. (CVE-2014-2038).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2140-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.11-generic and / or\nlinux-image-3.11-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2140-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.10\", pkgname:\"linux-image-3.11.0-18-generic\", pkgver:\"3.11.0-18.32\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"linux-image-3.11.0-18-generic-lpae\", pkgver:\"3.11.0-18.32\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.11-generic / linux-image-3.11-generic-lpae\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:50:58", "description": "An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). 
A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client-to-client IRC connection(/dcc) via a NAT-ed network.\n(CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A local user with write access to an NFS share could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-2038).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2137-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1690", "CVE-2014-1874", "CVE-2014-2038"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2137-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2137-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72900);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n script_bugtraq_id(65180, 65688);\n script_xref(name:\"USN\", value:\"2137-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2137-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the Linux kernel when built with\nthe NetFilter Connection Tracking (NF_CONNTRACK) support for IRC\nprotocol (NF_NAT_IRC). A remote attacker could exploit this flaw to\nobtain potentially sensitive kernel information when communicating\nover a client- to-client IRC connection(/dcc) via a NAT-ed network.\n(CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS\nfilesystem. A local users with write access to an NFS share could\nexploit this flaw to obtain potential sensative information from\nkernel memory. (CVE-2014-2038).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2137-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.11-generic and / or\nlinux-image-3.11-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2137-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.11.0-18-generic\", pkgver:\"3.11.0-18.32~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.11.0-18-generic-lpae\", pkgver:\"3.11.0-18.32~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.11-generic / linux-image-3.11-generic-lpae\");\n}\n", "cvss": {"score": 4.4, "vector": 
"AV:L/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T02:00:32", "description": "The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n\nThe security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.\n\nThe Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n\nThe cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-02T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2014-289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7263", "CVE-2013-7265", "CVE-2014-0069", "CVE-2014-1874"], "modified": "2020-08-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", 
"p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-289.NASL", "href": "https://www.tenable.com/plugins/nessus/72745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-289.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72745);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/27\");\n\n script_cve_id(\"CVE-2013-7263\", \"CVE-2013-7265\", \"CVE-2014-0069\", \"CVE-2014-1874\");\n script_xref(name:\"ALAS\", value:\"2014-289\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2014-289)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel\nbefore 3.12.4 updates a certain length value before ensuring that an\nassociated data structure has been initialized, which allows local\nusers to obtain sensitive information from kernel stack memory via a\n(1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n\nThe security_context_to_sid_core function in\nsecurity/selinux/ss/services.c in the Linux kernel before 3.13.4\nallows local users to cause a denial of service (system crash) by\nleveraging the CAP_MAC_ADMIN capability to set a zero-length security\ncontext.\n\nThe Linux kernel before 3.12.4 updates certain length values before\nensuring that associated data structures have been initialized, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a (1) recvfrom, (2) recvmmsg, or (3) 
recvmsg system call,\nrelated to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\nnet/ipv6/raw.c, and net/ipv6/udp.c.\n\nThe cifs_iovec_write function in fs/cifs/file.c in the Linux kernel\nthrough 3.13.5 does not properly handle uncached write operations that\ncopy fewer than the requested number of bytes, which allows local\nusers to obtain sensitive information from kernel memory, cause a\ndenial of service (memory corruption and system crash), or possibly\ngain privileges via a writev system call with a crafted pointer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-289.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/06\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-3.4.82-69.112.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"kernel-headers-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-3.4.82-69.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-3.4.82-69.112.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-09T01:52:37", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3042 advisory.\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (CVE-2014-1738)\n\n - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero- length write operation. 
(CVE-2013-6378)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (CVE-2014-1874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-23T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2014-3042.NASL", "href": "https://www.tenable.com/plugins/nessus/76185", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3042.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76185);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-6378\",\n \"CVE-2014-1737\",\n \"CVE-2014-1738\",\n \"CVE-2014-1874\"\n );\n script_bugtraq_id(\n 63886,\n 65459,\n 67300,\n 67302\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3042)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security 
updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2014-3042 advisory.\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly\n handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger\n kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows\n local users to obtain sensitive information from kernel heap memory by leveraging write access to a\n /dev/fd device. (CVE-2014-1738)\n\n - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through\n 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-\n length write operation. (CVE-2013-6378)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before\n 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security context. 
(CVE-2014-1874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-3042.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1737\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.215.3.el5uek', '2.6.39-400.215.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3042');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not 
meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.215.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.215.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.215.3.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.215.3.el5uek', 'release':'5', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.215.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.215.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.215.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.215.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if 
(!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-09T01:53:35", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3043 advisory.\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and 
gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (CVE-2014-1738)\n\n - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (CVE-2013-6378)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (CVE-2014-1874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-23T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-0203", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uek", 
"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uekdebug"], "id": "ORACLELINUX_ELSA-2014-3043.NASL", "href": "https://www.tenable.com/plugins/nessus/76186", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3043.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76186);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-6378\",\n \"CVE-2014-0203\",\n \"CVE-2014-1737\",\n \"CVE-2014-1738\",\n \"CVE-2014-1874\"\n );\n script_bugtraq_id(\n 63886,\n 65459,\n 67300,\n 67302,\n 68125\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2014-3043 advisory.\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly\n handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger\n kfree operations and gain privileges by leveraging write access to a /dev/fd device. 
(CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows\n local users to obtain sensitive information from kernel heap memory by leveraging write access to a\n /dev/fd device. (CVE-2014-1738)\n\n - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through\n 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-\n length write operation. (CVE-2013-6378)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before\n 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security context. (CVE-2014-1874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-3043.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1737\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.3.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.3.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-400.36.3.el5uek', '2.6.32-400.36.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3043');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum 
fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-400.36.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-400.36.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-400.36.3.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-400.36.3.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.3.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.3.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-400.36.3.el5uek-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.3.el5uek-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.3.el5uekdebug-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.3.el5uekdebug-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el5uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el5uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el5uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el5uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-400.36.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-400.36.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.3.el6uek', 'cpu':'i686', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-400.36.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-400.36.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-400.36.3.el6uek-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.3.el6uek-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.3.el6uekdebug-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.3.el6uekdebug-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el6uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el6uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el6uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.3.el6uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", 
"cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:46", "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2133-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4579", "CVE-2013-6368", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2133-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2133-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72897);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_xref(name:\"USN\", value:\"2133-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2133-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. 
A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2133-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2133-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-generic\", pkgver:\"3.2.0-60.91\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-generic-pae\", pkgver:\"3.2.0-60.91\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-highbank\", pkgver:\"3.2.0-60.91\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-60-virtual\", pkgver:\"3.2.0-60.91\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T17:29:38", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0771 advisory.\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVE-2014-3153)\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (CVE-2014-1738)\n\n - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero- length write operation. (CVE-2013-6378)\n\n - The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. 
(CVE-2014-0203)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (CVE-2014-1874)\n\n - arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction. (CVE-2014-2039)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-20T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2014-0771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-0203", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-3153"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2014-0771.NASL", "href": "https://www.tenable.com/plugins/nessus/76155", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-0771.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76155);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-6378\",\n \"CVE-2014-0203\",\n \"CVE-2014-1737\",\n \"CVE-2014-1738\",\n \"CVE-2014-1874\",\n \"CVE-2014-2039\",\n \"CVE-2014-3153\"\n );\n script_bugtraq_id(\n 63886,\n 65459,\n 65700,\n 67300,\n 67302,\n 67906,\n 68125\n );\n script_xref(name:\"RHSA\", value:\"2014:0771\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2014-0771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2014-0771 advisory.\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls\n have two different futex addresses, which allows local users to gain privileges via a crafted\n FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVE-2014-3153)\n\n - The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly\n handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger\n kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)\n\n - The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows\n local users to obtain sensitive information from kernel heap memory by leveraging write access to a\n /dev/fd device. (CVE-2014-1738)\n\n - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through\n 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-\n length write operation. 
(CVE-2013-6378)\n\n - The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the\n last pathname component during use of certain filesystems, which allows local users to cause a denial of\n service (incorrect free operations and system crash) via an open system call. (CVE-2014-0203)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before\n 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security context. (CVE-2014-1874)\n\n - arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle\n attempted use of the linkage stack, which allows local users to cause a denial of service (system crash)\n by executing a crafted instruction. (CVE-2014-2039)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-0771.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3153\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex 
Requeue Kernel Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-431.20.3.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-0771');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-431.20.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-431.20.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-431.20.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-431.20.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-431.20.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-431.20.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-431.20.3.el6', 
'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-431.20.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-431.20.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-431.20.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n 
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T17:29:47", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. 
(CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system.\n(CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.\n\nThis update also fixes several bugs. 
Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-20T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2014:0771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-0203", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-3153"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0771.NASL", "href": "https://www.tenable.com/plugins/nessus/76156", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0771. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76156);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-3153\");\n script_bugtraq_id(63886, 65459, 65700, 67300, 67302, 67906, 68125);\n script_xref(name:\"RHSA\", value:\"2014:0771\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2014:0771)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem\nhandled the requeuing of certain Priority Inheritance (PI) futexes. A\nlocal, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. 
A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as\nis expected for procfs symbolic links, which could lead to excessive\nfreeing of memory and consequent slab corruption. A local,\nunprivileged user could use this flaw to crash the system.\n(CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM\nS/390 systems, a local, unprivileged user could use this flaw to crash\nthe system. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able\nto write to a file that is provided by the libertas driver and located\non the debug file system (debugfs) could use this flaw to crash the\nsystem. Note: The debugfs file system must be mounted locally to\nexploit this issue. It is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux\nkernel's SELinux implementation handled files with an empty SELinux\nsecurity context. A local user who has the CAP_MAC_ADMIN capability\ncould use this flaw to crash the system. 
(CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738, and Vladimir Davydov of Parallels for reporting\nCVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter\nof CVE-2014-3153.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0203\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex Requeue Kernel Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-3153\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2014:0771\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0771\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T17:29:55", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user-space-provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. 
(CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-23T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2014:0771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-0203", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-3153"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0771.NASL", "href": "https://www.tenable.com/plugins/nessus/76170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0771 and \n# CentOS Errata and Security Advisory 2014:0771 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76170);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-3153\");\n script_bugtraq_id(63886, 65459, 65700, 67300, 67302, 67906, 68125);\n script_xref(name:\"RHSA\", value:\"2014:0771\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2014:0771)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem\nhandled the requeuing of certain Priority Inheritance (PI) futexes. A\nlocal, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as\nis expected for procfs symbolic links, which could lead to excessive\nfreeing of memory and consequent slab corruption. 
A local,\nunprivileged user could use this flaw to crash the system.\n(CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM\nS/390 systems, a local, unprivileged user could use this flaw to crash\nthe system. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able\nto write to a file that is provided by the libertas driver and located\non the debug file system (debugfs) could use this flaw to crash the\nsystem. Note: The debugfs file system must be mounted locally to\nexploit this issue. It is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux\nkernel's SELinux implementation handled files with an empty SELinux\nsecurity context. A local user who has the CAP_MAC_ADMIN capability\ncould use this flaw to crash the system. (CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738, and Vladimir Davydov of Parallels for reporting\nCVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter\nof CVE-2014-3153.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020379.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c1ddaba\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1737\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex Requeue Kernel Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-431.20.3.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T17:29:38", "description": "* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. 
A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user-space-provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. 
(CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-20T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140619)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-0203", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-3153"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140619_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/76157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76157);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-3153\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"* A flaw was found in the way the Linux kernel's futex subsystem\nhandled the requeuing of certain Priority Inheritance (PI) futexes. A\nlocal, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. 
(CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as\nis expected for procfs symbolic links, which could lead to excessive\nfreeing of memory and consequent slab corruption. A local,\nunprivileged user could use this flaw to crash the system.\n(CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM\nS/390 systems, a local, unprivileged user could use this flaw to crash\nthe system. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able\nto write to a file that is provided by the libertas driver and located\non the debug file system (debugfs) could use this flaw to crash the\nsystem. Note: The debugfs file system must be mounted locally to\nexploit this issue. It is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux\nkernel's SELinux implementation handled files with an empty SELinux\nsecurity context. A local user who has the CAP_MAC_ADMIN capability\ncould use this flaw to crash the system. 
(CVE-2014-1874, Low)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1406&L=scientific-linux-errata&T=0&P=2228\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5596ce7b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex Requeue Kernel Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", 
reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-431.20.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-431.20.3.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:00", "description": "Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n * A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement (RA) packets. 
An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system.\n (CVE-2014-2309, Important)\n\n * A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol (DCCP) packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2523, Important)\n\n * A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system.\n (CVE-2014-0069, Moderate)\n\n * A flaw was found in the way the Linux kernel handled pending Floating Point Unit (FPU) exceptions during the switching of tasks. A local attacker could use this flaw to terminate arbitrary processes on the system, causing a denial of service, or, potentially, escalate their privileges on the system. Note that this flaw only affected systems using AMD CPUs on both 32-bit and 64-bit architectures. (CVE-2014-1438, Moderate)\n\n * It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. 
A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls.\n (CVE-2013-7263, CVE-2013-7265, Low)\n\n * An information leak flaw was found in the Linux kernel's netfilter connection tracking IRC NAT helper implementation that could allow a remote attacker to disclose portions of kernel stack memory during IRC DCC (Direct Client-to-Client) communication over NAT.\n (CVE-2014-1690, Low)\n\n * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)\n\nThis update also fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers are advised to upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-07-22T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2014:0439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4483", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7339", "CVE-2014-0069", "CVE-2014-1438", "CVE-2014-1690", "CVE-2014-1874", "CVE-2014-2309", "CVE-2014-2523"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0439.NASL", "href": "https://www.tenable.com/plugins/nessus/76674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0439. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76674);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2013-4483\",\n \"CVE-2013-7263\",\n \"CVE-2013-7265\",\n \"CVE-2013-7339\",\n \"CVE-2014-0069\",\n \"CVE-2014-1438\",\n \"CVE-2014-1690\",\n \"CVE-2014-1874\",\n \"CVE-2014-2309\",\n \"CVE-2014-2523\"\n );\n script_bugtraq_id(\n 64677,\n 64686,\n 64781,\n 65180,\n 65459,\n 65588,\n 66095,\n 66279\n );\n script_xref(name:\"RHSA\", value:\"2014:0439\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2014:0439)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated kernel-rt packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise MRG 2.5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A denial of service flaw was found in the way the Linux\n kernel's IPv6 implementation processed IPv6 router\n advertisement (RA) packets. 
An attacker able to send a\n large number of RA packets to a target system could\n potentially use this flaw to crash the target system.\n (CVE-2014-2309, Important)\n\n * A flaw was found in the way the Linux kernel's netfilter\n connection tracking implementation for Datagram\n Congestion Control Protocol (DCCP) packets used the\n skb_header_pointer() function. A remote attacker could\n use this flaw to send a specially crafted DCCP packet\n to crash the system or, potentially, escalate their\n privileges on the system. (CVE-2014-2523, Important)\n\n * A flaw was found in the way the Linux kernel's CIFS\n implementation handled uncached write operations with\n specially crafted iovec structures. An unprivileged\n local user with access to a CIFS share could use this\n flaw to crash the system, leak kernel memory, or,\n potentially, escalate their privileges on the system.\n (CVE-2014-0069, Moderate)\n\n * A flaw was found in the way the Linux kernel handled\n pending Floating Pointer Unit (FPU) exceptions during\n the switching of tasks. A local attacker could use this\n flaw to terminate arbitrary processes on the system,\n causing a denial of service, or, potentially, escalate\n their privileges on the system. Note that this flaw only\n affected systems using AMD CPUs on both 32-bit and\n 64-bit architectures. (CVE-2014-1438, Moderate)\n\n * It was found that certain protocol handlers in the Linux\n kernel's networking implementation could set the\n addr_len value without initializing the associated data\n structure. 
A local, unprivileged user could use this\n flaw to leak kernel stack memory to user space using the\n recvmsg, recvfrom, and recvmmsg system calls.\n (CVE-2013-7263, CVE-2013-7265, Low)\n\n * An information leak flaw was found in the Linux kernel's\n netfilter connection tracking IRC NAT helper\n implementation that could allow a remote attacker to\n disclose portions of kernel stack memory during IRC\n DCC (Direct Client-to-Client) communication over NAT.\n (CVE-2014-1690, Low)\n\n * A denial of service flaw was discovered in the way the\n Linux kernel's SELinux implementation handled files with\n an empty SELinux security context. A local user who has\n the CAP_MAC_ADMIN capability could use this flaw to\n crash the system. (CVE-2014-1874, Low)\n\nThis update also fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers are advised to upgrade to these updated packages, which upgrade\nthe kernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct\nthese issues, and fix the bugs and add the enhancements noted in the\nRed Hat Enterprise MRG 2 Technical Notes. 
The system must be rebooted\nfor this update to take effect.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2013-4483.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2013-7263.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2013-7265.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2013-7339.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-0069.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-1438.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-1690.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-1874.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-2309.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.redhat.com/security/data/cve/CVE-2014-2523.html\");\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae491241\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0439.html\");\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?687515f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0439\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-debug-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-debug-debuginfo-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-debug-devel-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-debuginfo-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.33-rt32.33.el6rt\")) flag++;\n if (! 
rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-debuginfo-common-x86_64-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-devel-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-doc-3.10.0-\") && rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-firmware-3.10.0-\") && rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-trace-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-trace-debuginfo-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-trace-devel-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-vanilla-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.33-rt32.33.el6rt\")) flag++;\n if (! rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-vanilla-debuginfo-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.33-rt32.33.el6rt\")) flag++;\n if (! 
rpm_exists(release:\"RHEL6\", rpm:\"kernel-rt-vanilla-devel-3.10.0-\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.33-rt32.33.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:12:03", "description": "An updated rhev-hypervisor6 package that fixes several security issues is now available.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. 
(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting CVE-2014-3466, CVE-2014-3468, CVE-2014-3467, and CVE-2014-3469.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nThis updated package provides an updated kernel component that includes fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. 
The security fixes included in this update address the following CVE numbers :\n\nCVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039 and CVE-2014-3153 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-11T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:0815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6378", "CVE-2014-0203", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-3153", "CVE-2014-3466", "CVE-2014-3467", "CVE-2014-3468", "CVE-2014-3469"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0815.NASL", "href": "https://www.tenable.com/plugins/nessus/79108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0815. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79108);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3466\", \"CVE-2014-3467\", \"CVE-2014-3468\", \"CVE-2014-3469\");\n script_bugtraq_id(67741, 67745, 67748, 67749);\n script_xref(name:\"RHSA\", value:\"2014:0815\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0815)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes several security issues\nis now available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. 
A malicious server could use this\nflaw to send an excessively long session ID value, which would trigger\na buffer overflow in a connecting TLS/SSL client application using\nGnuTLS, causing the client application to crash or, possibly, execute\narbitrary code. (CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data.\nSpecially crafted ASN.1 input could cause an application using\nlibtasn1 to perform an out-of-bounds access operation, causing the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application\nusing libtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1's\nasn1_read_value() function. Specially crafted ASN.1 input could cause\nan application using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting\nCVE-2014-3466, CVE-2014-3468, CVE-2014-3467, and CVE-2014-3469.\nUpstream acknowledges Joonas Kuorilehto of Codenomicon as the original\nreporter of CVE-2014-3466.\n\nThis updated package provides an updated kernel component that\nincludes fixes for various security issues. These issues have no\nsecurity impact on Red Hat Enterprise Virtualization Hypervisor\nitself, however. 
The security fixes included in this update address\nthe following CVE numbers :\n\nCVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738,\nCVE-2014-1874, CVE-2014-2039 and CVE-2014-3153 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0815\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20140624.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-17T15:16:28", "description": "The Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by local attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used by local attackers on machines with the floppy to crash the kernel or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugs that were fixed :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in 
IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution when echoing in raw mode (bnc#871252 bnc#875690 CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717).\n\n - Update config files: re-enable twofish crypto support. Software twofish crypto support was disabled in several architectures since openSUSE 10.3. For i386 and x86_64 it was on purpose, because hardware-accelerated alternatives exist. However for all other architectures it was by accident. Re-enable software twofish crypto support in arm, ia64 and ppc configuration files, to guarantee that at least one implementation is always available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900. The w90p910_ts driver only makes sense on the W90x900 architecture, which we do not support.\n\n - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software group leaders (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (bnc#868653, CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426, CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches() (bnc#869414).\n\n - Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch\n\n - xfs: growfs: use uncached buffers for new headers (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs (bnc#858233).\n\n - Revert 'Delete 
patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end.' (bnc#858233). Put back again the patch patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end back as there is a better fix than reverting the affecting patch.\n\n - Delete patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end. It turned out that this patch causes regressions (bnc#858233). The upstream 3.7.x also reverted it in the end (commit c3793e0d94af2).\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values (bnc#833968).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum 793 (bnc#852967 CVE-2013-6885).\n\n - cifs: ensure that uncached writes handle unmapped areas correctly (bnc#864025 CVE-2014-0691).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638 CVE-2014-1438).\n\n - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652).\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - NFS: Avoid PUTROOTFH when managing leases (bnc#811746).\n\n - cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#862145).", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4254", "CVE-2013-4579", "CVE-2013-6885", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-0691", "CVE-2014-1438", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2523", "CVE-2014-2672"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2014-376.NASL", "href": "https://www.tenable.com/plugins/nessus/75364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-376.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75364);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4254\", \"CVE-2013-4579\", \"CVE-2013-6885\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-0691\", \"CVE-2014-1438\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1690\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2523\", \"CVE-2014-2672\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)\");\n script_summary(english:\"Check for the openSUSE-2014-376 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by\nlocal attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used\nby local attackers on machines with the floppy to crash the kernel or\npotentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugs that were fixed :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in\n IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer\n is AUTH (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution when\n echoing in raw mode (bnc#871252 bnc#875690\n CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones\n (bnc#873717).\n\n - Update config files: re-enable twofish crypto support\n Software twofish crypto support was disabled in several\n architectures since openSUSE 10.3. For i386 and x86_64\n it was on purpose, because hardware-accelerated\n alternatives exist. However for all other architectures\n it was by accident. 
Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to\n guarantee that at least one implementation is always\n available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900\n The w90p910_ts driver only makes sense on the W90x900\n architecture, which we do not support.\n\n - ath9k: protect tid->sched check\n (bnc#871148,CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value\n handling bug (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872,\n CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870,\n CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869,\n CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software\n group leaders (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API\n usages (bnc#868653, CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426, CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches()\n (bnc#869414).\n\n - Apply missing\n patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patc\n h\n\n - xfs: growfs: use uncached buffers for new headers\n (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs\n (bnc#858233).\n\n - Revert 'Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond\n -the-filesystem-end.' (bnc#858233) Put back again the\n patch\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond\n -the-filesystem-end back as there is a better fix than\n reverting the affecting patch.\n\n - Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond\n -the-filesystem-end. 
It turned out that this patch\n causes regressions (bnc#858233) The upstream 3.7.x also\n reverted it in the end (commit c3793e0d94af2).\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds\n (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum\n 793 (bnc#852967 CVE-2013-6885).\n\n - cifs: ensure that uncached writes handle unmapped areas\n correctly (bnc#864025 CVE-2014-0691).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround\n (bnc#858638 CVE-2014-1438).\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - NFS: Avoid PUTROOTFH when managing leases (bnc#811746).\n\n - cifs: delay super block destruction until all\n cifsFileInfo objects are gone (bnc#862145).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=811746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=858638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=873717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875690\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00055.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-default-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-source-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"kernel-source-vanilla-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"kernel-syms-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-trace-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", 
reference:\"kernel-trace-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", 
reference:\"kernel-pae-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", 
reference:\"kernel-vanilla-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.7.10-1.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.7.10-1.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:57", "description": "An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. 
(CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID SCSI RAID devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaws to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel's radiotap header parsing. A remote attacker could cause a denial of service (buffer over-read) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with AppleTalk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with IPX protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with the netrom address family in the Linux kernel. 
A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with X.25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel's SIOCWANDEV ioctl call. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function of the Linux kernel. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-06T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-2129-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2129-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72858);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0160\", \"CVE-2013-2929\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-7027\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_bugtraq_id(57176, 63887, 63889, 64013, 64111, 64270, 64328, 64739, 64741, 64742, 64743, 64744, 64746, 64952, 64953, 64954, 65459);\n script_xref(name:\"USN\", value:\"2129-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the Linux kernel when inotify is\nused to monitor the /dev/ptmx device. A local user could exploit this\nflaw to discover keystroke timing and potentially discover sensitive\ninformation like password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel's implementation of\nptrace. An unprivileged local user could exploit this flaw to obtain\nsensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. 
A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for\nAdaptec AACRAID scsi raid devices in the Linux kernel. A local user\ncould use this flaw to cause a denial of service or possibly other\nunspecified impact. (CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel's radiotap\nheader parsing. A remote attacker could cause a denial of service\n(buffer over- read) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. 
(CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel's SIOCWANDEV\nioctl call. A local user with the CAP_NET_ADMIN capability could\nexploit this flaw to obtain potentially sensitive information from\nkernel memory. (CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function the\nLinux kernel. A local user could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2129-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0160\", \"CVE-2013-2929\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-7027\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2129-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-362-ec2\", pkgver:\"2.6.32-362.75\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:57", "description": "An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. 
A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID SCSI RAID devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaws to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel's radiotap header parsing. A remote attacker could cause a denial of service (buffer over-read) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with AppleTalk sockets in the Linux kernel. 
A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with IPX protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with X.25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel's SIOCWANDEV ioctl call. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function of the Linux kernel. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. 
A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-06T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-2128-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-2128-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2128-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72857);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0160\", \"CVE-2013-2929\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-7027\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_bugtraq_id(57176, 63887, 63889, 64013, 64111, 64270, 64328, 64739, 64741, 64742, 64743, 64744, 64746, 64952, 64953, 64954, 65459);\n script_xref(name:\"USN\", value:\"2128-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2128-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the Linux kernel when inotify is\nused to monitor the /dev/ptmx device. A local user could exploit this\nflaw to discover keystroke timing and potentially discover sensitive\ninformation like password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel's implementation of\nptrace. An unprivileged local user could exploit this flaw to obtain\nsensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. 
(CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for\nAdaptec AACRAID scsi raid devices in the Linux kernel. A local user\ncould use this flaw to cause a denial of service or possibly other\nunspecified impact. (CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel's radiotap\nheader parsing. A remote attacker could cause a denial of service\n(buffer over- read) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. 
A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel's SIOCWANDEV\nioctl call. A local user with the CAP_NET_ADMIN capability could\nexploit this flaw to obtain potentially sensitive information from\nkernel memory. (CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function the the\nLinux kernel. A local user could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2128-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0160\", \"CVE-2013-2929\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-7027\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2128-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-386\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"linux-image-2.6.32-57-generic\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-generic-pae\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-lpia\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-preempt\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-server\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-versatile\", pkgver:\"2.6.32-57.119\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-57-virtual\", pkgver:\"2.6.32-57.119\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-17T15:13:19", "description": "This Linux kernel security update fixes various security issues and bugs.\n\nThe Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by local attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used by local attackers on machines with the floppy to crash the kernel or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugfixes :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH (bnc#866102, CVE-2014-0101).\n\n - [media] ivtv: Fix 
Oops when no firmware is loaded (bnc#875440).\n\n - ALSA: hda - Add dock pin setups for Thinkpad T440 (bnc#876699).\n\n - ip6tnl: fix double free of fb_tnl_dev on exit (bnc#876531).\n\n - Update arm config files: Enable all USB-to-serial drivers Specifically, enable USB_SERIAL_WISHBONE and USB_SERIAL_QT2 on all arm flavors.\n\n - mei: limit the number of consecutive resets (bnc#821619,bnc#852656).\n\n - mei: revamp mei reset state machine (bnc#821619,bnc#852656).\n\n - mei: use hbm idle state to prevent spurious resets (bnc#821619).\n\n - mei: do not run reset flow from the interrupt thread (bnc#821619,bnc#852656).\n\n - mei: don't get stuck in select during reset (bnc#821619).\n\n - mei: wake also writers on reset (bnc#821619).\n\n - mei: remove flash_work_queue (bnc#821619,bnc#852656).\n\n - mei: me: do not load the driver if the FW doesn't support MEI interface (bnc#821619).\n\n - Update ec2 config files: Disable CONFIG_CAN CAN support is disabled everywhere else, so disable it in ec2 too.\n\n - Refresh Xen patches (bnc#851244).\n\n - Update arm/exynos config file: disable AHCI_IMX This driver is only used on Freescale i.MX systems so it isn't needed on Exynos.\n\n - drm: Prefer noninterlace cmdline mode unless explicitly specified (bnc#853350).\n\n - kabi/severities: add exception for irda. The changes resulted in a 4x performance increase. Any external users of this API will also want to rebuild their modules.\n\n - i7core_edac: Fix PCI device reference count.\n\n - KABI: revert tcp: TSO packets automatic sizing.\n\n - KABI: revert tcp: TSQ can use a dynamic limit.\n\n - kabi: add exceptions for kvm and l2tp\n\n - patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd\n -pipe.patch: Move include of utsname.h to where it's needed to avoid kABI breakage due to utsname becoming defined.\n\n - Update kabi files. 
The kABI references were never established at release.\n\n - Refresh patches.rpmify/chipidea-clean-up-dependencies Replace OF_DEVICE by OF (OF_DEVICE does not exist anymore.)\n\n - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (bnc#857643 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265).\n\n - inet: prevent leakage of uninitialized memory to user in recv syscalls (bnc#857643 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7281).\n\n - Update config files: re-enable twofish crypto support Software twofish crypto support was disabled in several architectures since openSUSE 10.3. For i386 and x86_64 it was on purpose, because hardware-accelerated alternatives exist. However for all other architectures it was by accident. Re-enable software twofish crypto support in arm, ia64 and ppc configuration files, to guarantee that at least one implementation is always available (bnc#871325).\n\n - kvm: optimize away THP checks in kvm_is_mmio_pfn() (bnc#871160).\n\n - Update patches.fixes/mm-close-PageTail-race.patch (bnc#871160).\n\n - Update patches.fixes/mm-hugetlbfs-fix-hugetlbfs-optimization.pa tch (bnc#871160).\n\n - mm: close PageTail race (bnc#81660).\n\n - mm: hugetlbfs: fix hugetlbfs optimization (bnc#81660).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts driver only makes sense on the W90x900 architecture, which we do not support.\n\n - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).\n\n - Update ec2 config files: disable CONFIG_INPUT_FF_MEMLESS This helper module is useless on EC2.\n\n - SELinux: Fix kernel BUG on empty security contexts (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872,CVE-2014-1446).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (bnc#868653 CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426,CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches() (bnc#869414).\n\n - Btrfs: do 
not bug_on if we try to cow a free space cache inode (bnc#863235).\n\n - Update vanilla config files: enable console rotation It's enabled in all other kernel flavors so it should be enabled in vanilla too.\n\n - Update config files. (CONFIG_EFIVAR_FS=m) Because systemd can auto-load efivarfs.ko, set CONFIG_EFIVAR_FS to module on x86_64.\n\n - libata, freezer: avoid block device removal while system is frozen (bnc#849334).\n\n - Enable CONFIG_IRDA_FAST_RR=y (bnc#860502)\n\n - [media] bttv: don't setup the controls if there are no video devices (bnc#861750).\n\n - drm/i915/dp: add native aux defer retry limit (bnc#867718).\n\n - drm/i915/dp: increase native aux defer retry timeout (bnc#867718).\n\n - rpc_pipe: fix cleanup of dummy gssd directory when notification fails (bnc#862746).\n\n - sunrpc: add an 'info' file for the dummy gssd pipe (bnc#862746).\n\n - rpc_pipe: remove the clntXX dir if creating the pipe fails (bnc#862746).\n\n - Delete rpm/_constraints after mismerge\n\nSat Mar 8 00:41:07 CET 2014 - jbohac@suse.cz\n\n - Refresh patches.fixes/tcp-syncookies-reduce-cookie-lifetime-to-1 28-seconds.patch.\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values (bnc#833968).\n\n - rpm/mkspec: Generate a per-architecture per-package\n _constraints file\n\n - rpm/mkspec: Remove dead code\n\n - Refresh patches.fixes/rtc-cmos-add-an-alarm-disable-quirk.patch.\n\n - rtc-cmos: Add an alarm disable quirk (bnc#812592).\n\n - Refresh patches.xen/xen-x86-EFI.\n\n - Refresh patches.apparmor/apparmor-compatibility-patch-for-v5-net work-control.\n patches.drivers/pstore_disable_efi_backend_by_default.pa tch. 
patches.fixes/dm-table-switch-to-readonly.\n patches.fixes/kvm-ioapic.patch.\n patches.fixes/kvm-macos.patch.\n patches.fixes/remount-no-shrink-dcache.\n patches.fixes/scsi-dh-queuedata-accessors.\n patches.suse/0001-vfs-Hooks-for-more-fine-grained-direct ory-permission.patch.\n patches.suse/ovl01-vfs-add-i_op-dentry_open.patch.\n patches.suse/sd_init.mark_majors_busy.patch.\n\n - rpm/mkspec: Fix whitespace in NoSource lines\n\n - rpm/kernel-binary.spec.in: Do not zero modules.dep before using it (bnc#866075)\n\n - rpm/kernel-obs-build.spec: Drop useless ExclusiveArch statement\n\n - Update config files. Set CONFIG_EFIVAR_FS to build-in for MOK support Update config files. Set CONFIG_EFIVAR_FS to build-in for MOK support\n\n - nfs: always make sure page is up-to-date before extending a write to cover the entire page (bnc#864867 bnc#865075).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum 793 (bnc#852967 CVE-2013-6885).\n\n - Refresh patches.xen/xen3-patch-3.10.\n\n - cifs: ensure that uncached writes handle unmapped areas correctly (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638 CVE-2014-1438).\n\n - rpm/kernel-obs-build.spec: Do not mount /sys, the build script does it\n\n - Update config files: Disable TS5500-specific drivers These drivers are useless without TS5500 board support:\n mtd-ts5500, gpio-ts5500 and max197.\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - usbback: fix after c/s 1232:8806dfb939d4 (bnc#842553).\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - rpm/kernel-obs-build.spec: Fix for ppc64le\n\n - Scripts: .nosrc.rpm should contain only the specfile (bnc #639379)\n\n - config: update arm7hl/exynos\n\n - Enhances exynos support :\n\n - Add USB support\n\n - Add sound support\n\n - Add devices (accelerometer, etc.) 
on arndale board\n\n - drm/cirrus: Fix cirrus drm driver for fbdev + qemu (bnc#856760).\n\n - Spec: zeroing modules.dep to get identical builds among different machines\n\n - doc/README.SUSE: Update to match the current package layout\n\n - Add the README.SUSE file to the packaging branch\n\n - lockd: send correct lock when granting a delayed lock (bnc#859342).\n\n - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls).\n\n - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4579", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7281", "CVE-2014-0069", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2523", "CVE-2014-2672"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", 
"p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", 
"p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch", "p-cpe:/a:novell:opensuse:openvswitch-controller", "p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae", 
"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-pki", "p-cpe:/a:novell:opensuse:openvswitch-switch", "p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-test", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch", "p-cpe:/a:novell:opensuse:python-openvswitch-test", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", 
"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-375.NASL", "href": 
"https://www.tenable.com/plugins/nessus/75363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75363);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\", \"CVE-2014-0069\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1690\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2523\", \"CVE-2014-2672\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)\");\n script_summary(english:\"Check for the openSUSE-2014-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel security update fixes various security issues and\nbugs.\n\nThe Linux Kernel was updated to fix various security issues and bugs.\n\nMain security issues fixed :\n\nA security issue in the tty layer that was fixed that could be used by\nlocal attackers for code execution (CVE-2014-0196).\n\nTwo security issues in the floppy driver were fixed that could be used\nby local attackers on machines with the floppy to crash the kernel or\npotentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\nOther security issues and bugfixes :\n\n - netfilter: nf_nat: fix access to uninitialized buffer in\n IRC NAT helper (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer\n is AUTH (bnc#866102, 
CVE-2014-0101).\n\n - [media] ivtv: Fix Oops when no firmware is loaded\n (bnc#875440).\n\n - ALSA: hda - Add dock pin setups for Thinkpad T440\n (bnc#876699).\n\n - ip6tnl: fix double free of fb_tnl_dev on exit\n (bnc#876531).\n\n - Update arm config files: Enable all USB-to-serial\n drivers Specifically, enable USB_SERIAL_WISHBONE and\n USB_SERIAL_QT2 on all arm flavors.\n\n - mei: limit the number of consecutive resets\n (bnc#821619,bnc#852656).\n\n - mei: revamp mei reset state machine\n (bnc#821619,bnc#852656).\n\n - mei: use hbm idle state to prevent spurious resets\n (bnc#821619).\n\n - mei: do not run reset flow from the interrupt thread\n (bnc#821619,bnc#852656).\n\n - mei: don't get stuck in select during reset\n (bnc#821619).\n\n - mei: wake also writers on reset (bnc#821619).\n\n - mei: remove flash_work_queue (bnc#821619,bnc#852656).\n\n - mei: me: do not load the driver if the FW doesn't\n support MEI interface (bnc#821619).\n\n - Update ec2 config files: Disable CONFIG_CAN CAN support\n is disabled everywhere else, so disable it in ec2 too.\n\n - Refresh Xen patches (bnc#851244).\n\n - Update arm/exynos config file: disable AHCI_IMX This\n driver is only used on Freescale i.MX systems so it\n isn't needed on Exynos.\n\n - drm: Prefer noninterlace cmdline mode unless explicitly\n specified (bnc#853350).\n\n - kabi/severities: add exception for irda. The changes\n resulted in a 4x performance increase. Any external\n users of this API will also want to rebuild their\n modules.\n\n - i7core_edac: Fix PCI device reference count.\n\n - KABI: revert tcp: TSO packets automatic sizing.\n\n - KABI: revert tcp: TSQ can use a dynamic limit.\n\n - kabi: add exceptions for kvm and l2tp\n\n -\n patches.fixes/sunrpc-add-an-info-file-for-the-dummy-gssd\n -pipe.patch: Move include of utsname.h to where it's\n needed to avoid kABI breakage due to utsname becoming\n defined.\n\n - Update kabi files. 
The kABI references were never\n establishd at release.\n\n - Refresh patches.rpmify/chipidea-clean-up-dependencies\n Replace OF_DEVICE by OF (OF_DEVICE does not exist\n anymore.)\n\n - inet: fix addr_len/msg->msg_namelen assignment in\n recv_error and rxpmtu functions (bnc#857643\n CVE-2013-7263 CVE-2013-7264 CVE-2013-7265).\n\n - inet: prevent leakage of uninitialized memory to user in\n recv syscalls (bnc#857643 CVE-2013-7263 CVE-2013-7264\n CVE-2013-7265 CVE-2013-7281).\n\n - Update config files: re-enable twofish crypto support\n Software twofish crypto support was disabled in several\n architectures since openSUSE 10.3. For i386 and x86_64\n it was on purpose, because hardware-accelerated\n alternatives exist. However for all other architectures\n it was by accident. Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to\n guarantee that at least one implementation is always\n available (bnc#871325).\n\n - kvm: optimize away THP checks in kvm_is_mmio_pfn()\n (bnc#871160).\n\n - Update patches.fixes/mm-close-PageTail-race.patch\n (bnc#871160).\n\n - Update\n patches.fixes/mm-hugetlbfs-fix-hugetlbfs-optimization.pa\n tch (bnc#871160).\n\n - mm: close PageTail race (bnc#81660).\n\n - mm: hugetlbfs: fix hugetlbfs optimization (bnc#81660).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900\n The w90p910_ts driver only makes sense on the W90x900\n architecture, which we do not support.\n\n - ath9k: protect tid->sched check\n (bnc#871148,CVE-2014-2672).\n\n - Update ec2 config files: disable CONFIG_INPUT_FF_MEMLESS\n This helper module is useless on EC2.\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl\n (bnc#858872,CVE-2014-1446).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API\n usages (bnc#868653 CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask\n (bnc#851426,CVE-2013-4579).\n\n - drm/ttm: don't oops 
if no invalidate_caches()\n (bnc#869414).\n\n - Btrfs: do not bug_on if we try to cow a free space cache\n inode (bnc#863235).\n\n - Update vanilla config files: enable console rotation\n It's enabled in all other kernel flavors so it should be\n enabled in vanilla too.\n\n - Update config files. (CONFIG_EFIVAR_FS=m) Because systemd\n can auto-load efivarfs.ko, set CONFIG_EFIVAR_FS to\n module on x86_64.\n\n - libata, freezer: avoid block device removal while system\n is frozen (bnc#849334).\n\n - Enable CONFIG_IRDA_FAST_RR=y (bnc#860502)\n\n - [media] bttv: don't setup the controls if there are no\n video devices (bnc#861750).\n\n - drm/i915/dp: add native aux defer retry limit\n (bnc#867718).\n\n - drm/i915/dp: increase native aux defer retry timeout\n (bnc#867718).\n\n - rpc_pipe: fix cleanup of dummy gssd directory when\n notification fails (bnc#862746).\n\n - sunrpc: add an 'info' file for the dummy gssd pipe\n (bnc#862746).\n\n - rpc_pipe: remove the clntXX dir if creating the pipe\n fails (bnc#862746).\n\n - Delete rpm/_constraints after mismerge\n\nSat Mar 8 00:41:07 CET 2014 - jbohac@suse.cz\n\n - Refresh\n patches.fixes/tcp-syncookies-reduce-cookie-lifetime-to-1\n 28-seconds.patch.\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds\n (bnc#833968).\n\n - tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n\n - rpm/mkspec: Generate a per-architecture per-package\n _constraints file\n\n - rpm/mkspec: Remove dead code\n\n - Refresh\n patches.fixes/rtc-cmos-add-an-alarm-disable-quirk.patch.\n\n - rtc-cmos: Add an alarm disable quirk (bnc#812592).\n\n - Refresh patches.xen/xen-x86-EFI.\n\n - Refresh\n patches.apparmor/apparmor-compatibility-patch-for-v5-net\n work-control.\n patches.drivers/pstore_disable_efi_backend_by_default.pa\n tch. 
patches.fixes/dm-table-switch-to-readonly.\n patches.fixes/kvm-ioapic.patch.\n patches.fixes/kvm-macos.patch.\n patches.fixes/remount-no-shrink-dcache.\n patches.fixes/scsi-dh-queuedata-accessors.\n patches.suse/0001-vfs-Hooks-for-more-fine-grained-direct\n ory-permission.patch.\n patches.suse/ovl01-vfs-add-i_op-dentry_open.patch.\n patches.suse/sd_init.mark_majors_busy.patch.\n\n - rpm/mkspec: Fix whitespace in NoSource lines\n\n - rpm/kernel-binary.spec.in: Do not zero modules.dep\n before using it (bnc#866075)\n\n - rpm/kernel-obs-build.spec: Drop useless ExclusiveArch\n statement\n\n - Update config files. Set CONFIG_EFIVAR_FS to build-in\n for MOK support Update config files. Set\n CONFIG_EFIVAR_FS to build-in for MOK support\n\n - nfs: always make sure page is up-to-date before\n extending a write to cover the entire page (bnc#864867\n bnc#865075).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum\n 793 (bnc#852967 CVE-2013-6885).\n\n - Refresh patches.xen/xen3-patch-3.10.\n\n - cifs: ensure that uncached writes handle unmapped areas\n correctly (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround\n (bnc#858638 CVE-2014-1438).\n\n - rpm/kernel-obs-build.spec: Do not mount /sys, the build\n script does it\n\n - Update config files: Disable TS5500-specific drivers\n These drivers are useless without TS5500 board support:\n mtd-ts5500, gpio-ts5500 and max197.\n\n - balloon: don't crash in HVM-with-PoD guests.\n\n - usbback: fix after c/s 1232:8806dfb939d4 (bnc#842553).\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - rpm/kernel-obs-build.spec: Fix for ppc64le\n\n - Scripts: .nosrc.rpm should contain only the specfile\n (bnc #639379)\n\n - config: update arm7hl/exynos\n\n - Enhances exynos support :\n\n - Add USB support\n\n - Add sound support\n\n - Add devices (accelerometer, etc.) 
on arndale board\n\n - drm/cirrus: Fix cirrus drm driver for fbdev + qemu\n (bnc#856760).\n\n - Spec: zeroing modules.dep to get identical builds among\n different machines\n\n - doc/README.SUSE: Update to match the current package\n layout\n\n - Add the README.SUSE file to the packaging branch\n\n - lockd: send correct lock when granting a delayed lock\n (bnc#859342).\n\n - mm/page-writeback.c: do not count anon pages as\n dirtyable memory (reclaim stalls).\n\n - mm/page-writeback.c: fix dirty_balance_reserve\n subtraction from dirtyable memory (reclaim stalls).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=639379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=812592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=81660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853350\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=867718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00056.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-pki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch-test\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.11.10_11-11.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_11-16.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"ipset-kmp-pae-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.19_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_11-13.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"kernel-default-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.19-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_11-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"openvswitch-controller-debuginfo-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debuginfo-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debugsource-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-debuginfo-1.11.0_k3.11.10_11-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-pki-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-debuginfo-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-test-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_11-258.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-test-1.11.0-0.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.18_k3.11.10_11-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.18-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_11-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_11-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", 
reference:\"kernel-ec2-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.11.10-11.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"kernel-pae-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-11.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.11.10-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.2_01-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.2_01-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:53", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. 
(CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg system calls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. 
An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.10 : linux vulnerabilities (USN-2138-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank", "cpe:/o:canonical:ubuntu_linux:12.10"], "id": "UBUNTU_USN-2138-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2138-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72901);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_xref(name:\"USN\", value:\"2138-1\");\n\n script_name(english:\"Ubuntu 12.10 : linux vulnerabilities (USN-2138-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. 
A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. 
(CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). 
(CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2138-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.5-generic and / or\nlinux-image-3.5-highbank packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2138-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-47-generic\", pkgver:\"3.5.0-47.71\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-47-highbank\", pkgver:\"3.5.0-47.71\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic / linux-image-3.5-highbank\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:57", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver 
was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaws to cause a denial of service (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. 
A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. 
(CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2135-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2135-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2135-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72898);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_xref(name:\"USN\", value:\"2135-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2135-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). 
(CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. 
A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2135-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.5-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2135-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.5.0-47-generic\", pkgver:\"3.5.0-47.71~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:46", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. 
(CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. 
(CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. 
A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2136-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6380", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2136-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72899", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2136-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72899);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6380\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n script_bugtraq_id(63887, 64319);\n script_xref(name:\"USN\", value:\"2136-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2136-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. 
A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of\nthe Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A\nguest OS user could exploit this flaw to cause a denial of service\n(host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for\nAdaptec AACRAID scsi raid devices in the Linux kernel. A local user\ncould use this flaw to cause a denial of service or possibly other\nunspecified impact. (CVE-2013-6380)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. 
A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the\nCAP_MAC_ADMIN capability (and the SELinux mac_admin permission if\nrunning in enforcing mode) could exploit this flaw to cause a denial\nof service (kernel crash). 
(CVE-2014-1874).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2136-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6380\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\", \"CVE-2014-1874\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2136-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.8.0-37-generic\", pkgver:\"3.8.0-37.53~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T17:32:45", "description": "Multiple vulnerabilities has been found and corrected in the Linux kernel :\n\nkernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with 
certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (CVE-2014-3917).\n\nThe futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification (CVE-2014-3153).\n\nRace condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions (CVE-2014-2672).\n\nThe (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the\n__skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced (CVE-2014-3144).\n\nThe BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. 
NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced (CVE-2014-3145).\n\nInteger overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter (CVE-2014-2851).\n\nThe n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the LECHO !OPOST case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings (CVE-2014-0196).\n\nThe raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device (CVE-2014-1738).\n\nThe raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device (CVE-2014-1737).\n\nThe rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports (CVE-2014-2678).\n\ndrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host 
OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions (CVE-2014-0077).\n\nThe ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (CVE-2014-2309).\n\nMultiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897).\n\nnet/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function (CVE-2014-2523).\n\nRace condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c (CVE-2014-2706).\n\nThe sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk (CVE-2014-0101).\n\nThe cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the 
requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer (CVE-2014-0069).\n\narch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction (CVE-2014-2039).\n\nBuffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function (CVE-2012-2137).\n\nThe security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (CVE-2014-1874).\n\nThe updated packages provides a solution for these security issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2137", "CVE-2013-2897", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3917"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:cpupower", "p-cpe:/a:mandriva:linux:kernel-firmware", "p-cpe:/a:mandriva:linux:kernel-headers", 
"p-cpe:/a:mandriva:linux:kernel-server", "p-cpe:/a:mandriva:linux:kernel-server-devel", "p-cpe:/a:mandriva:linux:kernel-source", "p-cpe:/a:mandriva:linux:lib64cpupower-devel", "p-cpe:/a:mandriva:linux:lib64cpupower0", "p-cpe:/a:mandriva:linux:perf", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-124.NASL", "href": "https://www.tenable.com/plugins/nessus/74513", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:124. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74513);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2137\", \"CVE-2013-2897\", \"CVE-2014-0069\", \"CVE-2014-0077\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2309\", \"CVE-2014-2523\", \"CVE-2014-2672\", \"CVE-2014-2678\", \"CVE-2014-2706\", \"CVE-2014-2851\", \"CVE-2014-3144\", \"CVE-2014-3145\", \"CVE-2014-3153\", \"CVE-2014-3917\");\n script_bugtraq_id(54063, 62044, 65459, 65588, 65700, 65943, 66095, 66279, 66492, 66543, 66591, 66678, 66779, 67282, 67300, 67302, 67309, 67321, 67906);\n script_xref(name:\"MDVSA\", value:\"2014:124\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in the Linux\nkernel :\n\nkernel/auditsc.c in the Linux 
kernel through 3.14.5, when\nCONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows\nlocal users to obtain potentially sensitive single-bit values from\nkernel memory or cause a denial of service (OOPS) via a large value of\na syscall number (CVE-2014-3917).\n\nThe futex_requeue function in kernel/futex.c in the Linux kernel\nthrough 3.14.5 does not ensure that calls have two different futex\naddresses, which allows local users to gain privileges via a crafted\nFUTEX_REQUEUE command that facilitates unsafe waiter modification\n(CVE-2014-3153).\n\nRace condition in the ath_tx_aggr_sleep function in\ndrivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before\n3.13.7 allows remote attackers to cause a denial of service (system\ncrash) via a large amount of network traffic that triggers certain\nlist deletions (CVE-2014-2672).\n\nThe (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension\nimplementations in the sk_run_filter function in net/core/filter.c in\nthe Linux kernel through 3.14.3 do not check whether a certain length\nvalue is sufficiently large, which allows local users to cause a\ndenial of service (integer underflow and system crash) via crafted BPF\ninstructions. NOTE: the affected code was moved to the\n__skb_get_nlattr and __skb_get_nlattr_nest functions before the\nvulnerability was announced (CVE-2014-3144).\n\nThe BPF_S_ANC_NLATTR_NEST extension implementation in the\nsk_run_filter function in net/core/filter.c in the Linux kernel\nthrough 3.14.3 uses the reverse order in a certain subtraction, which\nallows local users to cause a denial of service (over-read and system\ncrash) via crafted BPF instructions. 
NOTE: the affected code was moved\nto the __skb_get_nlattr_nest function before the vulnerability was\nannounced (CVE-2014-3145).\n\nInteger overflow in the ping_init_sock function in net/ipv4/ping.c in\nthe Linux kernel through 3.14.1 allows local users to cause a denial\nof service (use-after-free and system crash) or possibly gain\nprivileges via a crafted application that leverages an improperly\nmanaged reference counter (CVE-2014-2851).\n\nThe n_tty_write function in drivers/tty/n_tty.c in the Linux kernel\nthrough 3.14.3 does not properly manage tty driver access in the LECHO\n!OPOST case, which allows local users to cause a denial of service\n(memory corruption and system crash) or gain privileges by triggering\na race condition involving read and write operations with long strings\n(CVE-2014-0196).\n\nThe raw_cmd_copyout function in drivers/block/floppy.c in the Linux\nkernel through 3.14.3 does not properly restrict access to certain\npointers during processing of an FDRAWCMD ioctl call, which allows\nlocal users to obtain sensitive information from kernel heap memory by\nleveraging write access to a /dev/fd device (CVE-2014-1738).\n\nThe raw_cmd_copyin function in drivers/block/floppy.c in the Linux\nkernel through 3.14.3 does not properly handle error conditions during\nprocessing of an FDRAWCMD ioctl call, which allows local users to\ntrigger kfree operations and gain privileges by leveraging write\naccess to a /dev/fd device (CVE-2014-1737).\n\nThe rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel\nthrough 3.14 allows local users to cause a denial of service (NULL\npointer dereference and system crash) or possibly have unspecified\nother impact via a bind system call for an RDS socket on a system that\nlacks RDS transports (CVE-2014-2678).\n\ndrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable\nbuffers are disabled, does not properly validate packet lengths, which\nallows guest OS users to cause a denial of service 
(memory corruption\nand host OS crash) or possibly gain privileges on the host OS via\ncrafted packets, related to the handle_rx and get_rx_bufs functions\n(CVE-2014-0077).\n\nThe ip6_route_add function in net/ipv6/route.c in the Linux kernel\nthrough 3.13.6 does not properly count the addition of routes, which\nallows remote attackers to cause a denial of service (memory\nconsumption) via a flood of ICMPv6 Router Advertisement packets\n(CVE-2014-2309).\n\nMultiple array index errors in drivers/hid/hid-multitouch.c in the\nHuman Interface Device (HID) subsystem in the Linux kernel through\n3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically\nproximate attackers to cause a denial of service (heap memory\ncorruption, or NULL pointer dereference and OOPS) via a crafted device\n(CVE-2013-2897).\n\nnet/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through\n3.13.6 uses a DCCP header pointer incorrectly, which allows remote\nattackers to cause a denial of service (system crash) or possibly\nexecute arbitrary code via a DCCP packet that triggers a call to the\n(1) dccp_new, (2) dccp_packet, or (3) dccp_error function\n(CVE-2014-2523).\n\nRace condition in the mac80211 subsystem in the Linux kernel before\n3.13.7 allows remote attackers to cause a denial of service (system\ncrash) via network traffic that improperly interacts with the\nWLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and\ntx.c (CVE-2014-2706).\n\nThe sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the\nLinux kernel through 3.13.6 does not validate certain auth_enable and\nauth_capable fields before making an sctp_sf_authenticate call, which\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and system crash) via an SCTP handshake with a modified\nINIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk\n(CVE-2014-0101).\n\nThe cifs_iovec_write function in fs/cifs/file.c in the Linux kernel\nthrough 3.13.5 does not properly 
handle uncached write operations that\ncopy fewer than the requested number of bytes, which allows local\nusers to obtain sensitive information from kernel memory, cause a\ndenial of service (memory corruption and system crash), or possibly\ngain privileges via a writev system call with a crafted pointer\n(CVE-2014-0069).\n\narch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the\ns390 platform does not properly handle attempted use of the linkage\nstack, which allows local users to cause a denial of service (system\ncrash) by executing a crafted instruction (CVE-2014-2039).\n\nBuffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the\nLinux kernel before 3.2.24 allows local users to cause a denial of\nservice (crash) and possibly execute arbitrary code via vectors\nrelated to Message Signaled Interrupts (MSI), irq routing entries, and\nan incorrect check by the setup_routing_entry function before invoking\nthe kvm_set_irq function (CVE-2012-2137).\n\nThe security_context_to_sid_core function in\nsecurity/selinux/ss/services.c in the Linux kernel before 3.13.4\nallows local users to cause a denial of service (system crash) by\nleveraging the CAP_MAC_ADMIN capability to set a zero-length security\ncontext (CVE-2014-1874).\n\nThe updated packages provides a solution for these security issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex Requeue Kernel Exploit');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cpupower-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cpupower0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"cpupower-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"kernel-firmware-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"kernel-headers-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"kernel-server-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"kernel-server-devel-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"kernel-source-3.4.93-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64cpupower-devel-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64cpupower0-3.4.93-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"perf-3.4.93-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T00:30:38", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO & !OPOST' case, which allows local users to cause a denial of 
service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.(CVE-2014-0196)\n\n - Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.(CVE-2014-0206)\n\n - The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.(CVE-2014-1444)\n\n - The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.(CVE-2014-1445)\n\n - The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)\n\n - The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.(CVE-2014-1690)\n\n - A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. 
(CVE-2014-1737, Important)\n\n - It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.(CVE-2014-1737)\n\n - A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n - It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.(CVE-2014-1738)\n\n - An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. 
A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes.(CVE-2014-1739)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.(CVE-2014-1874)\n\n - The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.(CVE-2014-2038)\n\n - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.(CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.(CVE-2014-2523)\n\n - Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. 
NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568)\n\n - It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter.(CVE-2014-2672)\n\n - A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system.(CVE-2014-2673)\n\n - A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths.\n A remote attacker could use this flaw to crash the system.(CVE-2014-2706)\n\n - A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-2851)\n\n - It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Management subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system.(CVE-2014-3122)\n\n - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. 
NOTE: the affected code was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the vulnerability was announced.(CVE-2014-3144)\n\n - The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.(CVE-2014-3145)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0196", "CVE-2014-0206", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1739", "CVE-2014-1874", "CVE-2014-2038", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2568", "CVE-2014-2672", "CVE-2014-2673", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3144", "CVE-2014-3145"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1479.NASL", "href": "https://www.tenable.com/plugins/nessus/124803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124803);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2014-0196\",\n \"CVE-2014-0206\",\n \"CVE-2014-1444\",\n \"CVE-2014-1445\",\n \"CVE-2014-1446\",\n \"CVE-2014-1690\",\n \"CVE-2014-1737\",\n \"CVE-2014-1738\",\n \"CVE-2014-1739\",\n \"CVE-2014-1874\",\n \"CVE-2014-2038\",\n \"CVE-2014-2309\",\n \"CVE-2014-2523\",\n \"CVE-2014-2568\",\n \"CVE-2014-2672\",\n \"CVE-2014-2673\",\n \"CVE-2014-2706\",\n \"CVE-2014-2851\",\n \"CVE-2014-3122\",\n \"CVE-2014-3144\",\n \"CVE-2014-3145\"\n );\n script_bugtraq_id(\n 64952,\n 64953,\n 64954,\n 65180,\n 65459,\n 65688,\n 66095,\n 66279,\n 66348,\n 66477,\n 66492,\n 66591,\n 66779,\n 67162,\n 67199,\n 67282,\n 67300,\n 67302,\n 67309,\n 67321,\n 68048,\n 68176\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The n_tty_write function in drivers/tty/n_tty.c in the\n Linux kernel through 3.14.3 does not properly manage\n tty driver access in the 'LECHO i1/4+ !OPOST' case, which\n allows local users to cause a denial of service (memory\n corruption and system crash) or gain privileges by\n triggering a race condition involving read and write\n operations with long strings.(CVE-2014-0196)\n\n - Array index error in the aio_read_events_ring function\n in fs/aio.c in the Linux kernel through 3.15.1 allows\n local users to obtain sensitive 
information from kernel\n memory via a large head value.(CVE-2014-0206)\n\n - The fst_get_iface function in drivers/net/wan/farsync.c\n in the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel\n memory by leveraging the CAP_NET_ADMIN capability for\n an SIOCWANDEV ioctl call.(CVE-2014-1444)\n\n - The wanxl_ioctl function in drivers/net/wan/wanxl.c in\n the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel\n memory via an ioctl call.(CVE-2014-1445)\n\n - The yam_ioctl function in drivers/net/hamradio/yam.c in\n the Linux kernel before 3.12.8 does not initialize a\n certain structure member, which allows local users to\n obtain sensitive information from kernel memory by\n leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl call.(CVE-2014-1446)\n\n - The help function in net/netfilter/nf_nat_irc.c in the\n Linux kernel before 3.12.8 allows remote attackers to\n obtain sensitive information from kernel memory by\n establishing an IRC DCC session in which incorrect\n packet data is transmitted during use of the NAT mangle\n feature.(CVE-2014-1690)\n\n - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain\n error code paths while processing FDRAWCMD IOCTL\n commands. A local user with write access to /dev/fdX\n could use this flaw to free (using the kfree()\n function) arbitrary kernel memory. (CVE-2014-1737,\n Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. 
(CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could\n use these two flaws (CVE-2014-1737 in combination with\n CVE-2014-1738) to escalate their privileges on the\n system.(CVE-2014-1737)\n\n - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain\n error code paths while processing FDRAWCMD IOCTL\n commands. A local user with write access to /dev/fdX\n could use this flaw to free (using the kfree()\n function) arbitrary kernel memory. (CVE-2014-1737,\n Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. (CVE-2014-1738, Low)\n\n - Note: A local user with write access to /dev/fdX could\n use these two flaws (CVE-2014-1737 in combination with\n CVE-2014-1738) to escalate their privileges on the\n system.(CVE-2014-1738)\n\n - An information leak flaw was found in the way the Linux\n kernel handled media device enumerate entities IOCTL\n requests. 
A local user able to access the /dev/media0\n device file could use this flaw to leak kernel memory\n bytes.(CVE-2014-1739)\n\n - The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel\n before 3.13.4 allows local users to cause a denial of\n service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security\n context.(CVE-2014-1874)\n\n - The nfs_can_extend_write function in fs/nfs/write.c in\n the Linux kernel before 3.13.3 relies on a write\n delegation to extend a write operation without a\n certain up-to-date verification, which allows local\n users to obtain sensitive information from kernel\n memory in opportunistic circumstances by writing to a\n file in an NFS filesystem and then reading the same\n file.(CVE-2014-2038)\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement\n packets.(CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer\n incorrectly, which allows remote attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via a DCCP packet that triggers a call\n to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error\n function.(CVE-2014-2523)\n\n - Use-after-free vulnerability in the nfqnl_zcopy\n function in net/netfilter/nfnetlink_queue_core.c in the\n Linux kernel through 3.13.6 allows attackers to obtain\n sensitive information from kernel memory by leveraging\n the absence of a certain orphaning operation. 
NOTE: the\n affected code was moved to the skb_zerocopy function in\n net/core/skbuff.c before the vulnerability was\n announced.(CVE-2014-2568)\n\n - It was found that a remote attacker could use a race\n condition flaw in the ath_tx_aggr_sleep() function to\n crash the system by creating large network traffic on\n the system's Atheros 9k wireless network\n adapter.(CVE-2014-2672)\n\n - A flaw was found in the way the Linux kernel performed\n forking inside of a transaction. A local, unprivileged\n user on a PowerPC system that supports transactional\n memory could use this flaw to crash the\n system.(CVE-2014-2673)\n\n - A race condition flaw was found in the way the Linux\n kernel's mac80211 subsystem implementation handled\n synchronization between TX and STA wake-up code paths.\n A remote attacker could use this flaw to crash the\n system.(CVE-2014-2706)\n\n - A use-after-free flaw was found in the way the\n ping_init_sock() function of the Linux kernel handled\n the group_info reference counter. A local, unprivileged\n user could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2014-2851)\n\n - It was found that the try_to_unmap_cluster() function\n in the Linux kernel's Memory Managment subsystem did\n not properly handle page locking in certain cases,\n which could potentially trigger the BUG_ON() macro in\n the mlock_vma_page() function. A local, unprivileged\n user could use this flaw to crash the\n system.(CVE-2014-3122)\n\n - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST\n extension implementations in the sk_run_filter function\n in net/core/filter.c in the Linux kernel through 3.14.3\n do not check whether a certain length value is\n sufficiently large, which allows local users to cause a\n denial of service (integer underflow and system crash)\n via crafted BPF instructions. 
NOTE: the affected code\n was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the\n vulnerability was announced.(CVE-2014-3144)\n\n - The BPF_S_ANC_NLATTR_NEST extension implementation in\n the sk_run_filter function in net/core/filter.c in the\n Linux kernel through 3.14.3 uses the reverse order in a\n certain subtraction, which allows local users to cause\n a denial of service (over-read and system crash) via\n crafted BPF instructions. NOTE: the affected code was\n moved to the __skb_get_nlattr_nest function before the\n vulnerability was announced.(CVE-2014-3145)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1479\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d6a0a29\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-23T02:30:33", "description": "According to the versions of the kernel packages installed, the EulerOS 
Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203)\n\n - The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N.\n implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.(CVE-2014-9428)\n\n - The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.(CVE-2014-9940)\n\n - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.(CVE-2013-4470)\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. 
A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.(CVE-2017-6074)\n\n - A NULL-pointer dereference vulnerability was found in the Linux kernel's TCP stack, in net/netfilter/nf_nat_redirect.c in the nf_nat_redirect_ipv4() function. A remote, unauthenticated user could exploit this flaw to create a system crash (denial of service).(CVE-2015-8787)\n\n - A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested.\n The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate their privileges.(CVE-2015-8812)\n\n - A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5364)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function.(CVE-2017-18344)\n\n - A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. 
A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).(CVE-2016-2069)\n\n - Use after free vulnerability was found in percpu using previously allocated memory in bpf. First\n __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.(CVE-2016-4794)\n\n - A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.(CVE-2016-10318)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.(CVE-2014-1874)\n\n - The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.(CVE-2014-9410)\n\n - A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYCTL_READ on a negative key would lead to a NULL pointer dereference. 
A local attacker could use this flaw to crash the kernel.(CVE-2017-12192)\n\n - Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.(CVE-2015-5327)\n\n - It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses.(CVE-2014-8134)\n\n - An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-3181)\n\n - A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.(CVE-2016-0728)\n\n - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.(CVE-2014-0131)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4470", "CVE-2014-0131", "CVE-2014-1874", "CVE-2014-3181", "CVE-2014-8134", "CVE-2014-9410", "CVE-2014-9428", "CVE-2014-9940", "CVE-2015-5327", "CVE-2015-5364", "CVE-2015-8787", "CVE-2015-8812", "CVE-2016-0728", "CVE-2016-10318", "CVE-2016-2069", "CVE-2016-4794", "CVE-2017-12192", "CVE-2017-18203", "CVE-2017-18344", "CVE-2017-6074"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1527.NASL", "href": "https://www.tenable.com/plugins/nessus/124980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124980);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2013-4470\",\n \"CVE-2014-0131\",\n \"CVE-2014-1874\",\n \"CVE-2014-3181\",\n \"CVE-2014-8134\",\n \"CVE-2014-9410\",\n \"CVE-2014-9428\",\n \"CVE-2014-9940\",\n \"CVE-2015-5327\",\n \"CVE-2015-5364\",\n \"CVE-2015-8787\",\n \"CVE-2015-8812\",\n \"CVE-2016-0728\",\n \"CVE-2016-10318\",\n \"CVE-2016-2069\",\n \"CVE-2016-4794\",\n \"CVE-2017-12192\",\n \"CVE-2017-18203\",\n \"CVE-2017-18344\",\n \"CVE-2017-6074\"\n );\n 
script_bugtraq_id(\n 63359,\n 65459,\n 66101,\n 69779,\n 71650,\n 71847,\n 75510\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.(CVE-2017-18203i1/4%0\n\n - The batadv_frag_merge_packets function in\n net/batman-adv/fragmentation.c in the B.A.T.M.A.N.\n implementation in the Linux kernel through 3.18.1 uses\n an incorrect length field during a calculation of an\n amount of memory, which allows remote attackers to\n cause a denial of service (mesh-node system crash) via\n fragmented packets.(CVE-2014-9428i1/4%0\n\n - The regulator_ena_gpio_free function in\n drivers/regulator/core.c in the Linux kernel allows\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted\n application.(CVE-2014-9940i1/4%0\n\n - The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize\n certain data structures, which allows local users to\n cause a denial of service (memory corruption and system\n 
crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call and sends both short and long\n packets, related to the ip_ufo_append_data function in\n net/ipv4/ip_output.c and the ip6_ufo_append_data\n function in net/ipv6/ip6_output.c.(CVE-2013-4470i1/4%0\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system.(CVE-2017-6074i1/4%0\n\n - A NULL-pointer dereference vulnerability was found in\n the Linux kernel's TCP stack, in\n net/netfilter/nf_nat_redirect.c in the\n nf_nat_redirect_ipv4() function. A remote,\n unauthenticated user could exploit this flaw to create\n a system crash (denial of service).(CVE-2015-8787i1/4%0\n\n - A use-after-free flaw was found in the CXGB3 kernel\n driver when the network was considered to be congested.\n The kernel incorrectly misinterpreted the congestion as\n an error condition and incorrectly freed or cleaned up\n the socket buffer (skb). When the device then sent the\n skb's queued data, these structures were referenced. A\n local attacker could use this flaw to panic the system\n (denial of service) or, with a local account, escalate\n their privileges.(CVE-2015-8812i1/4%0\n\n - A flaw was found in the way the Linux kernel's\n networking implementation handled UDP packets with\n incorrect checksum values. 
A remote attacker could\n potentially use this flaw to trigger an infinite loop\n in the kernel, resulting in a denial of service on the\n system, or cause a denial of service in applications\n using the edge triggered epoll\n functionality.(CVE-2015-5364)\n\n - The timer_create syscall implementation in\n kernel/time/posix-timers.c in the Linux kernel doesn't\n properly validate the sigevent->sigev_notify field,\n which leads to out-of-bounds access in the show_timer\n function.(CVE-2017-18344)\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is\n switching to a process that uses the paging structure\n in question. A local user could use a thread running\n with a stale cached virtual->physical translation to\n potentially escalate their privileges if the\n translation in question were writable and the physical\n page got reused for something critical (for example, a\n page table).(CVE-2016-2069)\n\n - Use after free vulnerability was found in percpu using\n previously allocated memory in bpf. 
First\n __alloc_percpu_gfp() is called, then the memory is\n freed with free_percpu() which triggers async\n pcpu_balance_work and then pcpu_extend_area_map could\n use a chunk after it has been freed.(CVE-2016-4794)\n\n - A missing authorization check in the\n fscrypt_process_policy function in fs/crypto/policy.c\n in the ext4 and f2fs filesystem encryption support in\n the Linux kernel allows a user to assign an encryption\n policy to a directory owned by a different user,\n potentially creating a denial of\n service.(CVE-2016-10318)\n\n - The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel\n before 3.13.4 allows local users to cause a denial of\n service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security\n context.(CVE-2014-1874)\n\n - The vfe31_proc_general function in\n drivers/media/video/msm/vfe/msm_vfe31.c in the\n MSM-VFE31 driver for the Linux kernel 3.x, as used in\n Qualcomm Innovation Center (QuIC) Android contributions\n for MSM devices and other products, does not validate a\n certain id value, which allows attackers to gain\n privileges or cause a denial of service (memory\n corruption) via an application that makes a crafted\n ioctl call.(CVE-2014-9410)\n\n - A vulnerability was found in the Key Management sub\n component of the Linux kernel, where when trying to\n issue a KEYCTL_READ on a negative key would lead to a\n NULL pointer dereference. A local attacker could use\n this flaw to crash the kernel.(CVE-2017-12192)\n\n - Out-of-bounds memory read in the x509_decode_time\n function in x509_cert_parser.c in Linux kernels 4.3-rc1\n and after.(CVE-2015-5327)\n\n - It was found that the espfix functionality does not\n work for 32-bit KVM paravirtualized guests. 
A local,\n unprivileged guest user could potentially use this flaw\n to leak kernel stack addresses.(CVE-2014-8134)\n\n - An out-of-bounds write flaw was found in the way the\n Apple Magic Mouse/Trackpad multi-touch driver handled\n Human Interface Device (HID) reports with an invalid\n size. An attacker with physical access to the system\n could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2014-3181)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's key management subsystem handled keyring\n object reference counting in certain error path of the\n join_session_keyring() function. A local, unprivileged\n user could use this flaw to escalate their privileges\n on the system.(CVE-2016-0728)\n\n - Use-after-free vulnerability in the skb_segment\n function in net/core/skbuff.c in the Linux kernel\n through 3.13.6 allows attackers to obtain sensitive\n information from kernel memory by leveraging the\n absence of a certain orphaning\n operation.(CVE-2014-0131)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1527\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfd6ac3d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", 
reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:35", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. 
Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found a bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. 
A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. 
Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "cvss3": {"score": null, "vector": null}, "published": "2014-04-27T00:00:00", "type": "nessus", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0343", "CVE-2013-2147", "CVE-2013-2889", "CVE-2013-2893", "CVE-2013-2929", "CVE-2013-4162", "CVE-2013-4299", "CVE-2013-4345", "CVE-2013-4512", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6381", "CVE-2013-6382", "CVE-2013-6383", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7339", "CVE-2014-0101", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2523"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2906.NASL", "href": "https://www.tenable.com/plugins/nessus/73713", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. 
Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsystem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found a bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. 
A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. 
Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. 
Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", 
reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", 
reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:00", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.\n\nThe following security bugs have been fixed :\n\n - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier 
allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. (bnc#767610). (CVE-2012-2372)\n\n - The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652).\n (CVE-2013-2929)\n\n - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.\n (bnc#846404). (CVE-2013-4299)\n\n - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426). (CVE-2013-4579)\n\n - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553). 
(CVE-2013-6382)\n\n - The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563). (CVE-2013-7339)\n\n - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173).\n (CVE-2014-0055)\n\n - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576). (CVE-2014-0077)\n\n - The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102). (CVE-2014-0101)\n\n - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723). 
(CVE-2014-0131)\n\n - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540). (CVE-2014-0155)\n\n - The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869). (CVE-2014-1444)\n\n - The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870). (CVE-2014-1445)\n\n - The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872). (CVE-2014-1446)\n\n - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.\n (bnc#863335). (CVE-2014-1874)\n\n - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.\n (bnc#867531). 
(CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653). (CVE-2014-2523)\n\n - The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561). (CVE-2014-2678)\n\n - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374).\n (CVE-2014-2851)\n\n - The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102). (CVE-2014-3122)\n\n - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257). 
(CVE-2014-3144)\n\n - The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257).\n (CVE-2014-3145)\n\n - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484). (CVE-2014-3917)\n\n - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508)\n\n - Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4652)\n\n - sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. 
(bnc#883795).\n (CVE-2014-4653)\n\n - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.\n (bnc#883795). (CVE-2014-4654)\n\n - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.\n (bnc#883795). (CVE-2014-4655)\n\n - Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795). (CVE-2014-4656)\n\n - The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725).\n (CVE-2014-4699)\n\nAlso the following non-security bugs have been fixed :\n\n - kernel: avoid page table walk on user space access (bnc#878407, LTC#110316).\n\n - spinlock: fix system hang with spin_retry <= 0 (bnc#874145, LTC#110189).\n\n - x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3.\n (bnc#876176)\n\n - x86: Enable multiple CPUs in crash kernel. 
(bnc#846690)\n\n - x86/mce: Fix CMCI preemption bugs. (bnc#786450)\n\n - x86, CMCI: Add proper detection of end of CMCI storms.\n (bnc#786450)\n\n - futex: revert back to the explicit waiter counting code.\n (bnc#851603)\n\n - futex: avoid race between requeue and wake. (bnc#851603)\n\n - intel-iommu: fix off-by-one in pagetable freeing.\n (bnc#874577)\n\n - ia64: Change default PSR.ac from '1' to '0' (Fix erratum #237). (bnc#874108)\n\n - drivers/rtc/interface.c: fix infinite loop in initializing the alarm. (bnc#871676)\n\n - drm/ast: Fix double lock at PM resume. (bnc#883380)\n\n - drm/ast: add widescreen + rb modes from X.org driver (v2). (bnc#883380)\n\n - drm/ast: deal with bo reserve fail in dirty update path.\n (bnc#883380)\n\n - drm/ast: do not attempt to acquire a reservation while in an interrupt handler. (bnc#883380)\n\n - drm/ast: fix the ast open key function. (bnc#883380)\n\n - drm/ast: fix value check in cbr_scan2. (bnc#883380)\n\n - drm/ast: inline reservations. (bnc#883380)\n\n - drm/ast: invalidate page tables when pinning a BO.\n (bnc#883380)\n\n - drm/ast: rename the mindwm/moutdwm and deinline them.\n (bnc#883380)\n\n - drm/ast: resync the dram post code with upstream.\n (bnc#883380)\n\n - drm: ast: use drm_can_sleep. (bnc#883380)\n\n - drm/ast: use drm_modeset_lock_all. (bnc#883380)\n\n - drm/: Unified handling of unimplemented fb->create_handle. (bnc#883380)\n\n - drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion. (bnc#883380)\n\n - drm/mgag200: Consolidate depth/bpp handling.\n (bnc#882324)\n\n - drm/ast: Initialized data needed to map fbdev memory.\n (bnc#880007)\n\n - drm/ast: add AST 2400 support. (bnc#880007)\n\n - drm/ast: Initialized data needed to map fbdev memory.\n (bnc#880007)\n\n - drm/mgag200: on cards with < 2MB VRAM default to 16-bit.\n (bnc#882324)\n\n - drm/mgag200: fix typo causing bw limits to be ignored on some chips. 
(bnc#882324)\n\n - drm/ttm: do not oops if no invalidate_caches().\n (bnc#869414)\n\n - drm/i915: Break encoder->crtc link separately in intel_sanitize_crtc(). (bnc#855126)\n\n - dlm: keep listening connection alive with sctp mode.\n (bnc#881939)\n\n - series.conf: Clarify comment about Xen kabi adjustments (bnc#876114#c25)\n\n - btrfs: fix a crash when running balance and defrag concurrently.\n\n - btrfs: unset DCACHE_DISCONNECTED when mounting default subvol. (bnc#866615)\n\n - btrfs: free delayed node outside of root->inode_lock.\n (bnc#866864)\n\n - btrfs: return EPERM when deleting a default subvolume.\n (bnc#869934)\n\n - btrfs: do not loop on large offsets in readdir.\n (bnc#863300)\n\n - sched: Consider pi boosting in setscheduler.\n\n - sched: Queue RT tasks to head when prio drops.\n\n - sched: Adjust sched_reset_on_fork when nothing else changes.\n\n - sched: Fix clock_gettime(CLOCK__CPUTIME_ID) monotonicity. (bnc#880357)\n\n - sched: Do not allow scheduler time to go backwards.\n (bnc#880357)\n\n - sched: Make scale_rt_power() deal with backward clocks.\n (bnc#865310)\n\n - sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check. (bnc#871861)\n\n - sched: update_rq_clock() must skip ONE update.\n (bnc#869033, bnc#868528)\n\n - tcp: allow to disable cwnd moderation in TCP_CA_Loss state. (bnc#879921)\n\n - tcp: clear xmit timers in tcp_v4_syn_recv_sock().\n (bnc#862429)\n\n - net: add missing bh_unlock_sock() calls. (bnc#862429)\n\n - bonding: fix vlan_features computing. (bnc#872634)\n\n - vlan: more careful checksum features handling.\n (bnc#872634)\n\n - xfrm: fix race between netns cleanup and state expire notification. (bnc#879957)\n\n - xfrm: check peer pointer for null before calling inet_putpeer(). (bnc#877775)\n\n - ipv6: do not overwrite inetpeer metrics prematurely.\n (bnc#867362)\n\n - pagecachelimit: reduce lru_lock contention for heavy parallel kabi fixup:. 
(bnc#878509, bnc#864464)\n\n - pagecachelimit: reduce lru_lock contention for heavy parallel reclaim. (bnc#878509, bnc#864464)\n\n - TTY: serial, cleanup include file. (bnc#881571)\n\n - TTY: serial, fix includes in some drivers. (bnc#881571)\n\n - serial_core: Fix race in uart_handle_dcd_change.\n (bnc#881571)\n\n - powerpc/perf: Power8 PMU support. (bnc#832710)\n\n - powerpc/perf: Add support for SIER. (bnc#832710)\n\n - powerpc/perf: Add regs_no_sipr(). (bnc#832710)\n\n - powerpc/perf: Add an accessor for regs->result.\n (bnc#832710)\n\n - powerpc/perf: Convert mmcra_sipr/sihv() to regs_sipr/sihv(). (bnc#832710)\n\n - powerpc/perf: Add an explict flag indicating presence of SLOT field. (bnc#832710)\n\n - swiotlb: do not assume PA 0 is invalid. (bnc#865882)\n\n - lockref: implement lockless reference count updates using cmpxchg() (FATE#317271).\n\n - af_iucv: wrong mapping of sent and confirmed skbs (bnc#878407, LTC#110452).\n\n - af_iucv: recvmsg problem for SOCK_STREAM sockets (bnc#878407, LTC#110452).\n\n - af_iucv: fix recvmsg by replacing skb_pull() function (bnc#878407, LTC#110452).\n\n - qla2xxx: Poll during initialization for ISP25xx and ISP83xx. (bnc#837563)\n\n - qla2xxx: Fix request queue null dereference.\n (bnc#859840)\n\n - lpfc 8.3.41: Fixed SLI3 failing FCP write on check-condition no-sense with residual zero.\n (bnc#850915)\n\n - reiserfs: call truncate_setsize under tailpack mutex.\n (bnc#878115)\n\n - reiserfs: drop vmtruncate. (bnc#878115)\n\n - ipvs: handle IPv6 fragments with one-packet scheduling.\n (bnc#861980)\n\n - kabi: hide modifications of struct sk_buff done by bnc#861980 fix. (bnc#861980)\n\n - loop: remove the incorrect write_begin/write_end shortcut. (bnc#878123)\n\n - watchdog: hpwdt patch to display informative string.\n (bnc#862934)\n\n - watchdog: hpwdt: Patch to ignore auxilary iLO devices.\n (bnc#862934)\n\n - watchdog: hpwdt: Add check for UEFI bits. (bnc#862934)\n\n - watchdog: hpwdt.c: Increase version string. 
(bnc#862934)\n\n - hpilo: Correct panic when an AUX iLO is detected.\n (bnc#837563)\n\n - locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (FATE#317271).\n\n - locking/mutexes: Modify the way optimistic spinners are queued (FATE#317271).\n\n - locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (FATE#317271).\n\n - mutex: Enable the queuing of mutex spinners with MCS lock (FATE#317271). config: disabled on all flavors\n\n - mutex: Queue mutex spinners with MCS lock to reduce cacheline contention (FATE#317271).\n\n - memcg: deprecate memory.force_empty knob. (bnc#878274)\n\n - kabi: protect struct net from bnc#877013 changes.\n (bnc#877013)\n\n - netfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue. (bnc#877013)\n\n - netfilter: make /proc/net/netfilter pernet. (bnc#877013)\n\n - netfilter: xt_hashlimit: fix proc entry leak in netns destroy path. (bnc#871634)\n\n - netfilter: xt_hashlimit: fix namespace destroy path.\n (bnc#871634)\n\n - netfilter: nf_queue: reject NF_STOLEN verdicts from userspace. (bnc#870877)\n\n - netfilter: avoid double free in nf_reinject.\n (bnc#870877)\n\n - netfilter: ctnetlink: fix race between delete and timeout expiration. (bnc#863410)\n\n - netfilter: reuse skb->nfct_reasm for ipvs conn reference. (bnc#861980)\n\n - mm: per-thread vma caching (FATE#317271). config: enable CONFIG_VMA_CACHE for x86_64/bigsmp\n\n - mm, hugetlb: improve page-fault scalability (FATE#317271).\n\n - mm: vmscan: Do not throttle based on pfmemalloc reserves if node has no ZONE_NORMAL. 
(bnc#870496)\n\n - mm: fix off-by-one bug in print_nodes_state().\n (bnc#792271)\n\n - hugetlb: ensure hugepage access is denied if hugepages are not supported (PowerKVM crash when mounting hugetlbfs without hugepage support (bnc#870498)).\n\n - SELinux: Increase ebitmap_node size for 64-bit configuration (FATE#317271).\n\n - SELinux: Reduce overhead of mls_level_isvalid() function call (FATE#317271).\n\n - mutex: Fix debug_mutexes (FATE#317271).\n\n - mutex: Fix debug checks (FATE#317271).\n\n - locking/mutexes: Unlock the mutex without the wait_lock (FATE#317271).\n\n - epoll: do not take the nested ep->mtx on EPOLL_CTL_DEL (FATE#317271).\n\n - epoll: do not take global 'epmutex' for simple topologies (FATE#317271).\n\n - epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271).\n\n - vfs: Fix missing unlock of vfsmount_lock in unlazy_walk.\n (bnc#880437)\n\n - dcache: kABI fixes for lockref dentries (FATE#317271).\n\n - vfs: make sure we do not have a stale root path if unlazy_walk() fails (FATE#317271).\n\n - vfs: fix dentry RCU to refcounting possibly sleeping dput() (FATE#317271).\n\n - vfs: use lockref 'dead' flag to mark unrecoverably dead dentries (FATE#317271).\n\n - vfs: reimplement d_rcu_to_refcount() using lockref_get_or_lock() (FATE#317271).\n\n - vfs: Remove second variable named error in __dentry_path (FATE#317271).\n\n - make prepend_name() work correctly when called with negative *buflen (FATE#317271).\n\n - prepend_path() needs to reinitialize dentry/vfsmount on restarts (FATE#317271).\n\n - dcache: get/release read lock in read_seqbegin_or_lock() & friend (FATE#317271).\n\n - seqlock: Add a new locking reader type (FATE#317271).\n\n - dcache: Translating dentry into pathname without taking rename_lock (FATE#317271).\n\n - vfs: make the dentry cache use the lockref infrastructure (FATE#317271).\n\n - vfs: Remove dentry->d_lock locking from shrink_dcache_for_umount_subtree() (FATE#317271).\n\n - vfs: use lockref_get_not_zero() for optimistic lockless 
dget_parent() (FATE#317271).\n\n - vfs: constify dentry parameter in d_count() (FATE#317271).\n\n - helper for reading ->d_count (FATE#317271).\n\n - lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP() (FATE#317271).\n\n - lockref: allow relaxed cmpxchg64 variant for lockless updates (FATE#317271).\n\n - lockref: use cmpxchg64 explicitly for lockless updates (FATE#317271).\n\n - lockref: add ability to mark lockrefs 'dead' (FATE#317271).\n\n - lockref: fix docbook argument names (FATE#317271).\n\n - lockref: Relax in cmpxchg loop (FATE#317271).\n\n - lockref: implement lockless reference count updates using cmpxchg() (FATE#317271).\n\n - lockref: uninline lockref helper functions (FATE#317271).\n\n - lockref: add lockref_get_or_lock() helper (FATE#317271).\n\n - Add new lockref infrastructure reference implementation (FATE#317271).\n\n - vfs: make lremovexattr retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: make removexattr retry once on ESTALE. (bnc#876463)\n\n - vfs: make llistxattr retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: make listxattr retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: make lgetxattr retry once on ESTALE. (bnc#876463)\n\n - vfs: make getxattr retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: allow lsetxattr() to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: allow setxattr to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: allow utimensat() calls to retry once on an ESTALE error. (bnc#876463)\n\n - vfs: fix user_statfs to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: make fchownat retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: make fchmodat retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: have chroot retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: have chdir retry lookup and call once on ESTALE error. 
(bnc#876463)\n\n - vfs: have faccessat retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: have do_sys_truncate retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: fix renameat to retry on ESTALE errors.\n (bnc#876463)\n\n - vfs: make do_unlinkat retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: make do_rmdir retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: fix linkat to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: fix symlinkat to retry on ESTALE errors.\n (bnc#876463)\n\n - vfs: fix mkdirat to retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: fix mknodat to retry on ESTALE errors. (bnc#876463)\n\n - vfs: add a flags argument to user_path_parent.\n (bnc#876463)\n\n - vfs: fix readlinkat to retry on ESTALE. (bnc#876463)\n\n - vfs: make fstatat retry on ESTALE errors from getattr call. (bnc#876463)\n\n - vfs: add a retry_estale helper function to handle retries on ESTALE. (bnc#876463)\n\n - crypto: s390 - fix aes,des ctr mode concurrency finding (bnc#874145, LTC#110078).\n\n - s390/cio: fix unlocked access of global bitmap (bnc#874145, LTC#109378).\n\n - s390/css: stop stsch loop after cc 3 (bnc#874145, LTC#109378).\n\n - s390/pci: add kmsg man page (bnc#874145, LTC#109224).\n\n - s390/pci/dma: use correct segment boundary size (bnc#866081, LTC#104566).\n\n - cio: Fix missing subchannels after CHPID configure on (bnc#866081, LTC#104808).\n\n - cio: Fix process hangs during subchannel scan (bnc#866081, LTC#104805).\n\n - cio: fix unusable device (bnc#866081, LTC#104168).\n\n - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873).\n\n - Fix race between starved list and device removal.\n (bnc#861636)\n\n - namei.h: include errno.h. (bnc#876463)\n\n - ALSA: hda - Implement bind mixer ctls for Conexant.\n (bnc#872188)\n\n - ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt codecs. (bnc#872188)\n\n - ALSA: hda - Fix conflicting Capture Source on cxt codecs. 
(bnc#872188)\n\n - ALSA: usb-audio: Fix NULL dereference while quick replugging. (bnc#870335)\n\n - powerpc: Bring all threads online prior to migration/hibernation. (bnc#870591)\n\n - powerpc/pseries: Update dynamic cache nodes for suspend/resume operation. (bnc#873463)\n\n - powerpc/pseries: Device tree should only be updated once after suspend/migrate. (bnc#873463)\n\n - powerpc/pseries: Expose in kernel device tree update to drmgr. (bnc#873463)\n\n - powerpc: Add second POWER8 PVR entry. (bnc#874440)\n\n - libata/ahci: accommodate tag ordered controllers.\n (bnc#871728)\n\n - md: try to remove cause of a spinning md thread.\n (bnc#875386)\n\n - md: fix up plugging (again). (bnc#866800)\n\n - NFSv4: Fix a reboot recovery race when opening a file.\n (bnc#864404)\n\n - NFSv4: Ensure delegation recall and byte range lock removal do not conflict. (bnc#864404)\n\n - NFSv4: Fix up the return values of nfs4_open_delegation_recall. (bnc#864404)\n\n - NFSv4.1: Do not lose locks when a server reboots during delegation return. (bnc#864404)\n\n - NFSv4.1: Prevent deadlocks between state recovery and file locking. (bnc#864404)\n\n - NFSv4: Allow the state manager to mark an open_owner as being recovered. (bnc#864404)\n\n - NFS: nfs_inode_return_delegation() should always flush dirty data. (bnc#864404)\n\n - NFSv4: nfs_client_return_marked_delegations cannot flush data. (bnc#864404)\n\n - NFS: avoid excessive GETATTR request when attributes expired but cached directory is valid. (bnc#857926)\n\n - seqlock: add 'raw_seqcount_begin()' function.\n (bnc#864404)\n\n - Allow nfsdv4 to work when fips=1. (bnc#868488)\n\n - NFSv4: Add ACCESS operation to OPEN compound.\n (bnc#870958)\n\n - NFSv4: Fix unnecessary delegation returns in nfs4_do_open. (bnc#870958)\n\n - NFSv4: The NFSv4.0 client must send RENEW calls if it holds a delegation. 
(bnc#863873)\n\n - NFSv4: nfs4_proc_renew should be declared static.\n (bnc#863873)\n\n - NFSv4: do not put ACCESS in OPEN compound if O_EXCL.\n (bnc#870958)\n\n - NFS: revalidate on open if dcache is negative.\n (bnc#876463)\n\n - NFSD add module parameter to disable delegations.\n (bnc#876463)\n\n - Do not lose sockets when nfsd shutdown races with connection timeout. (bnc#871854)\n\n - timer: Prevent overflow in apply_slack. (bnc#873061)\n\n - mei: me: do not load the driver if the FW does not support MEI interface. (bnc#821619)\n\n - ipmi: Reset the KCS timeout when starting error recovery. (bnc#870618)\n\n - ipmi: Fix a race restarting the timer. (bnc#870618)\n\n - ipmi: increase KCS timeouts. (bnc#870618)\n\n - bnx2x: Fix kernel crash and data miscompare after EEH recovery. (bnc#881761)\n\n - bnx2x: Adapter not recovery from EEH error injection.\n (bnc#881761)\n\n - kabi: hide modifications of struct inet_peer done by bnc#867953 fix. (bnc#867953)\n\n - inetpeer: prevent unlinking from unused list twice.\n (bnc#867953)\n\n - Ignore selected taints for tracepoint modules (bnc#870450, FATE#317134).\n\n - Use 'E' instead of 'X' for unsigned module taint flag (bnc#870450,FATE#317134).\n\n - Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE (bnc#870450,FATE#317134).\n\n - xhci: extend quirk for Renesas cards. (bnc#877497)\n\n - scsi: return target failure on EMC inactive snapshot.\n (bnc#840524)\n\n - virtio_balloon: do not softlockup on huge balloon changes. (bnc#871899)\n\n - ch: add refcounting. (bnc#867517)\n\n - storvsc: NULL pointer dereference fix. (bnc#865330)\n\n - Unlock the rename_lock in dentry_path() in the case when path is too long. 
(bnc#868748)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-17T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2372", "CVE-2013-2929", "CVE-2013-4299", "CVE-2013-4579", "CVE-2013-6382", "CVE-2013-7339", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0131", "CVE-2014-0155", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2678", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3917", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4699"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "cpe:/o:novell:suse_linux:11"], "id": 
"SUSE_11_KERNEL-140709.NASL", "href": "https://www.tenable.com/plugins/nessus/76557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76557);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2372\", \"CVE-2013-2929\", \"CVE-2013-4299\", \"CVE-2013-4579\", \"CVE-2013-6382\", \"CVE-2013-7339\", \"CVE-2014-0055\", \"CVE-2014-0077\", \"CVE-2014-0101\", \"CVE-2014-0131\", \"CVE-2014-0155\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2309\", \"CVE-2014-2523\", \"CVE-2014-2678\", \"CVE-2014-2851\", \"CVE-2014-3122\", \"CVE-2014-3144\", \"CVE-2014-3145\", \"CVE-2014-3917\", \"CVE-2014-4508\", \"CVE-2014-4652\", \"CVE-2014-4653\", \"CVE-2014-4654\", \"CVE-2014-4655\", \"CVE-2014-4656\", \"CVE-2014-4699\");\n\n script_name(english:\"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to\nfix various bugs and security issues.\n\nThe following security bugs have been fixed :\n\n - The rds_ib_xmit function in net/rds/ib_send.c in the\n Reliable Datagram Sockets (RDS) protocol implementation\n in the Linux kernel 3.7.4 and earlier allows local users\n to cause a denial of service (BUG_ON and kernel panic)\n by establishing an RDS connection with the 
source IP\n address equal to the IPoIB interfaces own IP address, as\n demonstrated by rds-ping. (bnc#767610). (CVE-2012-2372)\n\n - The Linux kernel before 3.12.2 does not properly use the\n get_dumpable function, which allows local users to\n bypass intended ptrace restrictions or obtain sensitive\n information from IA64 scratch registers via a crafted\n application, related to kernel/ptrace.c and\n arch/ia64/include/asm/processor.h. (bnc#847652).\n (CVE-2013-2929)\n\n - Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel\n through 3.11.6 allows remote authenticated users to\n obtain sensitive information or modify data via a\n crafted mapping to a snapshot block device.\n (bnc#846404). (CVE-2013-4299)\n\n - The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the\n Linux kernel through 3.12 uses a BSSID masking approach\n to determine the set of MAC addresses on which a Wi-Fi\n device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by\n sending a series of packets to MAC addresses with\n certain bit manipulations. (bnc#851426). (CVE-2013-4579)\n\n - Multiple buffer underflows in the XFS implementation in\n the Linux kernel through 3.12.1 allow local users to\n cause a denial of service (memory corruption) or\n possibly have unspecified other impact by leveraging the\n CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2)\n XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted\n length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the\n xfs_compat_attrlist_by_handle function in\n fs/xfs/xfs_ioctl32.c. (bnc#852553). 
(CVE-2013-6382)\n\n - The rds_ib_laddr_check function in net/rds/ib.c in the\n Linux kernel before 3.12.8 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n bind system call for an RDS socket on a system that\n lacks RDS transports. (bnc#869563). (CVE-2013-7339)\n\n - The get_rx_bufs function in drivers/vhost/net.c in the\n vhost-net subsystem in the Linux kernel package before\n 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6\n does not properly handle vhost_get_vq_desc errors, which\n allows guest OS users to cause a denial of service (host\n OS crash) via unspecified vectors. (bnc#870173).\n (CVE-2014-0055)\n\n - drivers/vhost/net.c in the Linux kernel before 3.13.10,\n when mergeable buffers are disabled, does not properly\n validate packet lengths, which allows guest OS users to\n cause a denial of service (memory corruption and host OS\n crash) or possibly gain privileges on the host OS via\n crafted packets, related to the handle_rx and\n get_rx_bufs functions. (bnc#870576). (CVE-2014-0077)\n\n - The sctp_sf_do_5_1D_ce function in\n net/sctp/sm_statefuns.c in the Linux kernel through\n 3.13.6 does not validate certain auth_enable and\n auth_capable fields before making an\n sctp_sf_authenticate call, which allows remote attackers\n to cause a denial of service (NULL pointer dereference\n and system crash) via an SCTP handshake with a modified\n INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO\n chunk. (bnc#866102). (CVE-2014-0101)\n\n - Use-after-free vulnerability in the skb_segment function\n in net/core/skbuff.c in the Linux kernel through 3.13.6\n allows attackers to obtain sensitive information from\n kernel memory by leveraging the absence of a certain\n orphaning operation. (bnc#867723). 
(CVE-2014-0131)\n\n - The ioapic_deliver function in virt/kvm/ioapic.c in the\n Linux kernel through 3.14.1 does not properly validate\n the kvm_irq_delivery_to_apic return value, which allows\n guest OS users to cause a denial of service (host OS\n crash) via a crafted entry in the redirection table of\n an I/O APIC. NOTE: the affected code was moved to the\n ioapic_service function before the vulnerability was\n announced. (bnc#872540). (CVE-2014-0155)\n\n - The fst_get_iface function in drivers/net/wan/farsync.c\n in the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel memory\n by leveraging the CAP_NET_ADMIN capability for an\n SIOCWANDEV ioctl call. (bnc#858869). (CVE-2014-1444)\n\n - The wanxl_ioctl function in drivers/net/wan/wanxl.c in\n the Linux kernel before 3.11.7 does not properly\n initialize a certain data structure, which allows local\n users to obtain sensitive information from kernel memory\n via an ioctl call. (bnc#858870). (CVE-2014-1445)\n\n - The yam_ioctl function in drivers/net/hamradio/yam.c in\n the Linux kernel before 3.12.8 does not initialize a\n certain structure member, which allows local users to\n obtain sensitive information from kernel memory by\n leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl call. (bnc#858872). (CVE-2014-1446)\n\n - The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel\n before 3.13.4 allows local users to cause a denial of\n service (system crash) by leveraging the CAP_MAC_ADMIN\n capability to set a zero-length security context.\n (bnc#863335). 
(CVE-2014-1874)\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement packets.\n (bnc#867531). (CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer\n incorrectly, which allows remote attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via a DCCP packet that triggers a call to\n the (1) dccp_new, (2) dccp_packet, or (3) dccp_error\n function. (bnc#868653). (CVE-2014-2523)\n\n - The rds_iw_laddr_check function in net/rds/iw.c in the\n Linux kernel through 3.14 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n bind system call for an RDS socket on a system that\n lacks RDS transports. (bnc#871561). (CVE-2014-2678)\n\n - Integer overflow in the ping_init_sock function in\n net/ipv4/ping.c in the Linux kernel through 3.14.1\n allows local users to cause a denial of service\n (use-after-free and system crash) or possibly gain\n privileges via a crafted application that leverages an\n improperly managed reference counter. (bnc#873374).\n (CVE-2014-2851)\n\n - The try_to_unmap_cluster function in mm/rmap.c in the\n Linux kernel before 3.14.3 does not properly consider\n which pages must be locked, which allows local users to\n cause a denial of service (system crash) by triggering a\n memory-usage pattern that requires removal of page-table\n mappings. (bnc#876102). 
(CVE-2014-3122)\n\n - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST\n extension implementations in the sk_run_filter function\n in net/core/filter.c in the Linux kernel through 3.14.3\n do not check whether a certain length value is\n sufficiently large, which allows local users to cause a\n denial of service (integer underflow and system crash)\n via crafted BPF instructions. NOTE: the affected code\n was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the vulnerability\n was announced. (bnc#877257). (CVE-2014-3144)\n\n - The BPF_S_ANC_NLATTR_NEST extension implementation in\n the sk_run_filter function in net/core/filter.c in the\n Linux kernel through 3.14.3 uses the reverse order in a\n certain subtraction, which allows local users to cause a\n denial of service (over-read and system crash) via\n crafted BPF instructions. NOTE: the affected code was\n moved to the __skb_get_nlattr_nest function before the\n vulnerability was announced. (bnc#877257).\n (CVE-2014-3145)\n\n - kernel/auditsc.c in the Linux kernel through 3.14.5,\n when CONFIG_AUDITSYSCALL is enabled with certain syscall\n rules, allows local users to obtain potentially\n sensitive single-bit values from kernel memory or cause\n a denial of service (OOPS) via a large value of a\n syscall number. (bnc#880484). (CVE-2014-3917)\n\n - arch/x86/kernel/entry_32.S in the Linux kernel through\n 3.15.1 on 32-bit x86 platforms, when syscall auditing is\n enabled and the sep CPU feature flag is set, allows\n local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as\n demonstrated by number. (CVE-2014-4508)\n\n -. (bnc#883724)\n\n - Race condition in the tlv handler functionality in the\n snd_ctl_elem_user_tlv function in sound/core/control.c\n in the ALSA control implementation in the Linux kernel\n before 3.15.2 allows local users to obtain sensitive\n information from kernel memory by leveraging\n /dev/snd/controlCX access. 
(bnc#883795). (CVE-2014-4652)\n\n - sound/core/control.c in the ALSA control implementation\n in the Linux kernel before 3.15.2 does not ensure\n possession of a read/write lock, which allows local\n users to cause a denial of service (use-after-free) and\n obtain sensitive information from kernel memory by\n leveraging /dev/snd/controlCX access. (bnc#883795).\n (CVE-2014-4653)\n\n - The snd_ctl_elem_add function in sound/core/control.c in\n the ALSA control implementation in the Linux kernel\n before 3.15.2 does not check authorization for\n SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows\n local users to remove kernel controls and cause a denial\n of service (use-after-free and system crash) by\n leveraging /dev/snd/controlCX access for an ioctl call.\n (bnc#883795). (CVE-2014-4654)\n\n - The snd_ctl_elem_add function in sound/core/control.c in\n the ALSA control implementation in the Linux kernel\n before 3.15.2 does not properly maintain the\n user_ctl_count value, which allows local users to cause\n a denial of service (integer overflow and limit bypass)\n by leveraging /dev/snd/controlCX access for a large\n number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.\n (bnc#883795). (CVE-2014-4655)\n\n - Multiple integer overflows in sound/core/control.c in\n the ALSA control implementation in the Linux kernel\n before 3.15.2 allow local users to cause a denial of\n service by leveraging /dev/snd/controlCX access, related\n to (1) index values in the snd_ctl_add function and (2)\n numid values in the snd_ctl_remove_numid_conflict\n function. (bnc#883795). (CVE-2014-4656)\n\n - The Linux kernel before 3.15.4 on Intel processors does\n not properly restrict use of a non-canonical value for\n the saved RIP address in the case of a system call that\n does not use IRET, which allows local users to leverage\n a race condition and gain privileges, or cause a denial\n of service (double fault), via a crafted application\n that makes ptrace and fork system calls. 
(bnc#885725).\n (CVE-2014-4699)\n\nAlso the following non-security bugs have been fixed :\n\n - kernel: avoid page table walk on user space access\n (bnc#878407, LTC#110316).\n\n - spinlock: fix system hang with spin_retry <= 0\n (bnc#874145, LTC#110189).\n\n - x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3.\n (bnc#876176)\n\n - x86: Enable multiple CPUs in crash kernel. (bnc#846690)\n\n - x86/mce: Fix CMCI preemption bugs. (bnc#786450)\n\n - x86, CMCI: Add proper detection of end of CMCI storms.\n (bnc#786450)\n\n - futex: revert back to the explicit waiter counting code.\n (bnc#851603)\n\n - futex: avoid race between requeue and wake. (bnc#851603)\n\n - intel-iommu: fix off-by-one in pagetable freeing.\n (bnc#874577)\n\n - ia64: Change default PSR.ac from '1' to '0' (Fix erratum\n #237). (bnc#874108)\n\n - drivers/rtc/interface.c: fix infinite loop in\n initializing the alarm. (bnc#871676)\n\n - drm/ast: Fix double lock at PM resume. (bnc#883380)\n\n - drm/ast: add widescreen + rb modes from X.org driver\n (v2). (bnc#883380)\n\n - drm/ast: deal with bo reserve fail in dirty update path.\n (bnc#883380)\n\n - drm/ast: do not attempt to acquire a reservation while\n in an interrupt handler. (bnc#883380)\n\n - drm/ast: fix the ast open key function. (bnc#883380)\n\n - drm/ast: fix value check in cbr_scan2. (bnc#883380)\n\n - drm/ast: inline reservations. (bnc#883380)\n\n - drm/ast: invalidate page tables when pinning a BO.\n (bnc#883380)\n\n - drm/ast: rename the mindwm/moutdwm and deinline them.\n (bnc#883380)\n\n - drm/ast: resync the dram post code with upstream.\n (bnc#883380)\n\n - drm: ast: use drm_can_sleep. (bnc#883380)\n\n - drm/ast: use drm_modeset_lock_all. (bnc#883380)\n\n - drm/: Unified handling of unimplemented\n fb->create_handle. (bnc#883380)\n\n - drm/mgag200,ast,cirrus: fix regression with\n drm_can_sleep conversion. 
(bnc#883380)\n\n - drm/mgag200: Consolidate depth/bpp handling.\n (bnc#882324)\n\n - drm/ast: Initialized data needed to map fbdev memory.\n (bnc#880007)\n\n - drm/ast: add AST 2400 support. (bnc#880007)\n\n - drm/ast: Initialized data needed to map fbdev memory.\n (bnc#880007)\n\n - drm/mgag200: on cards with < 2MB VRAM default to 16-bit.\n (bnc#882324)\n\n - drm/mgag200: fix typo causing bw limits to be ignored on\n some chips. (bnc#882324)\n\n - drm/ttm: do not oops if no invalidate_caches().\n (bnc#869414)\n\n - drm/i915: Break encoder->crtc link separately in\n intel_sanitize_crtc(). (bnc#855126)\n\n - dlm: keep listening connection alive with sctp mode.\n (bnc#881939)\n\n - series.conf: Clarify comment about Xen kabi adjustments\n (bnc#876114#c25)\n\n - btrfs: fix a crash when running balance and defrag\n concurrently.\n\n - btrfs: unset DCACHE_DISCONNECTED when mounting default\n subvol. (bnc#866615)\n\n - btrfs: free delayed node outside of root->inode_lock.\n (bnc#866864)\n\n - btrfs: return EPERM when deleting a default subvolume.\n (bnc#869934)\n\n - btrfs: do not loop on large offsets in readdir.\n (bnc#863300)\n\n - sched: Consider pi boosting in setscheduler.\n\n - sched: Queue RT tasks to head when prio drops.\n\n - sched: Adjust sched_reset_on_fork when nothing else\n changes.\n\n - sched: Fix clock_gettime(CLOCK__CPUTIME_ID)\n monotonicity. (bnc#880357)\n\n - sched: Do not allow scheduler time to go backwards.\n (bnc#880357)\n\n - sched: Make scale_rt_power() deal with backward clocks.\n (bnc#865310)\n\n - sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO\n in cpupri check. (bnc#871861)\n\n - sched: update_rq_clock() must skip ONE update.\n (bnc#869033, bnc#868528)\n\n - tcp: allow to disable cwnd moderation in TCP_CA_Loss\n state. (bnc#879921)\n\n - tcp: clear xmit timers in tcp_v4_syn_recv_sock().\n (bnc#862429)\n\n - net: add missing bh_unlock_sock() calls. (bnc#862429)\n\n - bonding: fix vlan_features computing. 
(bnc#872634)\n\n - vlan: more careful checksum features handling.\n (bnc#872634)\n\n - xfrm: fix race between netns cleanup and state expire\n notification. (bnc#879957)\n\n - xfrm: check peer pointer for null before calling\n inet_putpeer(). (bnc#877775)\n\n - ipv6: do not overwrite inetpeer metrics prematurely.\n (bnc#867362)\n\n - pagecachelimit: reduce lru_lock contention for heavy\n parallel kabi fixup:. (bnc#878509, bnc#864464)\n\n - pagecachelimit: reduce lru_lock contention for heavy\n parallel reclaim. (bnc#878509, bnc#864464)\n\n - TTY: serial, cleanup include file. (bnc#881571)\n\n - TTY: serial, fix includes in some drivers. (bnc#881571)\n\n - serial_core: Fix race in uart_handle_dcd_change.\n (bnc#881571)\n\n - powerpc/perf: Power8 PMU support. (bnc#832710)\n\n - powerpc/perf: Add support for SIER. (bnc#832710)\n\n - powerpc/perf: Add regs_no_sipr(). (bnc#832710)\n\n - powerpc/perf: Add an accessor for regs->result.\n (bnc#832710)\n\n - powerpc/perf: Convert mmcra_sipr/sihv() to\n regs_sipr/sihv(). (bnc#832710)\n\n - powerpc/perf: Add an explict flag indicating presence of\n SLOT field. (bnc#832710)\n\n - swiotlb: do not assume PA 0 is invalid. (bnc#865882)\n\n - lockref: implement lockless reference count updates\n using cmpxchg() (FATE#317271).\n\n - af_iucv: wrong mapping of sent and confirmed skbs\n (bnc#878407, LTC#110452).\n\n - af_iucv: recvmsg problem for SOCK_STREAM sockets\n (bnc#878407, LTC#110452).\n\n - af_iucv: fix recvmsg by replacing skb_pull() function\n (bnc#878407, LTC#110452).\n\n - qla2xxx: Poll during initialization for ISP25xx and\n ISP83xx. (bnc#837563)\n\n - qla2xxx: Fix request queue null dereference.\n (bnc#859840)\n\n - lpfc 8.3.41: Fixed SLI3 failing FCP write on\n check-condition no-sense with residual zero.\n (bnc#850915)\n\n - reiserfs: call truncate_setsize under tailpack mutex.\n (bnc#878115)\n\n - reiserfs: drop vmtruncate. 
(bnc#878115)\n\n - ipvs: handle IPv6 fragments with one-packet scheduling.\n (bnc#861980)\n\n - kabi: hide modifications of struct sk_buff done by\n bnc#861980 fix. (bnc#861980)\n\n - loop: remove the incorrect write_begin/write_end\n shortcut. (bnc#878123)\n\n - watchdog: hpwdt patch to display informative string.\n (bnc#862934)\n\n - watchdog: hpwdt: Patch to ignore auxilary iLO devices.\n (bnc#862934)\n\n - watchdog: hpwdt: Add check for UEFI bits. (bnc#862934)\n\n - watchdog: hpwdt.c: Increase version string. (bnc#862934)\n\n - hpilo: Correct panic when an AUX iLO is detected.\n (bnc#837563)\n\n - locking/mutexes: Introduce cancelable MCS lock for\n adaptive spinning (FATE#317271).\n\n - locking/mutexes: Modify the way optimistic spinners are\n queued (FATE#317271).\n\n - locking/mutexes: Return false if task need_resched() in\n mutex_can_spin_on_owner() (FATE#317271).\n\n - mutex: Enable the queuing of mutex spinners with MCS\n lock (FATE#317271). config: disabled on all flavors\n\n - mutex: Queue mutex spinners with MCS lock to reduce\n cacheline contention (FATE#317271).\n\n - memcg: deprecate memory.force_empty knob. (bnc#878274)\n\n - kabi: protect struct net from bnc#877013 changes.\n (bnc#877013)\n\n - netfilter: nfnetlink_queue: add net namespace support\n for nfnetlink_queue. (bnc#877013)\n\n - netfilter: make /proc/net/netfilter pernet. (bnc#877013)\n\n - netfilter: xt_hashlimit: fix proc entry leak in netns\n destroy path. (bnc#871634)\n\n - netfilter: xt_hashlimit: fix namespace destroy path.\n (bnc#871634)\n\n - netfilter: nf_queue: reject NF_STOLEN verdicts from\n userspace. (bnc#870877)\n\n - netfilter: avoid double free in nf_reinject.\n (bnc#870877)\n\n - netfilter: ctnetlink: fix race between delete and\n timeout expiration. (bnc#863410)\n\n - netfilter: reuse skb->nfct_reasm for ipvs conn\n reference. (bnc#861980)\n\n - mm: per-thread vma caching (FATE#317271). 
config: enable\n CONFIG_VMA_CACHE for x86_64/bigsmp\n\n - mm, hugetlb: improve page-fault scalability\n (FATE#317271).\n\n - mm: vmscan: Do not throttle based on pfmemalloc reserves\n if node has no ZONE_NORMAL. (bnc#870496)\n\n - mm: fix off-by-one bug in print_nodes_state().\n (bnc#792271)\n\n - hugetlb: ensure hugepage access is denied if hugepages\n are not supported (PowerKVM crash when mounting\n hugetlbfs without hugepage support (bnc#870498)).\n\n - SELinux: Increase ebitmap_node size for 64-bit\n configuration (FATE#317271).\n\n - SELinux: Reduce overhead of mls_level_isvalid() function\n call (FATE#317271).\n\n - mutex: Fix debug_mutexes (FATE#317271).\n\n - mutex: Fix debug checks (FATE#317271).\n\n - locking/mutexes: Unlock the mutex without the wait_lock\n (FATE#317271).\n\n - epoll: do not take the nested ep->mtx on EPOLL_CTL_DEL\n (FATE#317271).\n\n - epoll: do not take global 'epmutex' for simple\n topologies (FATE#317271).\n\n - epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271).\n\n - vfs: Fix missing unlock of vfsmount_lock in unlazy_walk.\n (bnc#880437)\n\n - dcache: kABI fixes for lockref dentries (FATE#317271).\n\n - vfs: make sure we do not have a stale root path if\n unlazy_walk() fails (FATE#317271).\n\n - vfs: fix dentry RCU to refcounting possibly sleeping\n dput() (FATE#317271).\n\n - vfs: use lockref 'dead' flag to mark unrecoverably dead\n dentries (FATE#317271).\n\n - vfs: reimplement d_rcu_to_refcount() using\n lockref_get_or_lock() (FATE#317271).\n\n - vfs: Remove second variable named error in __dentry_path\n (FATE#317271).\n\n - make prepend_name() work correctly when called with\n negative *buflen (FATE#317271).\n\n - prepend_path() needs to reinitialize dentry/vfsmount on\n restarts (FATE#317271).\n\n - dcache: get/release read lock in read_seqbegin_or_lock()\n & friend (FATE#317271).\n\n - seqlock: Add a new locking reader type (FATE#317271).\n\n - dcache: Translating dentry into pathname without taking\n rename_lock 
(FATE#317271).\n\n - vfs: make the dentry cache use the lockref\n infrastructure (FATE#317271).\n\n - vfs: Remove dentry->d_lock locking from\n shrink_dcache_for_umount_subtree() (FATE#317271).\n\n - vfs: use lockref_get_not_zero() for optimistic lockless\n dget_parent() (FATE#317271).\n\n - vfs: constify dentry parameter in d_count()\n (FATE#317271).\n\n - helper for reading ->d_count (FATE#317271).\n\n - lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP()\n (FATE#317271).\n\n - lockref: allow relaxed cmpxchg64 variant for lockless\n updates (FATE#317271).\n\n - lockref: use cmpxchg64 explicitly for lockless updates\n (FATE#317271).\n\n - lockref: add ability to mark lockrefs 'dead'\n (FATE#317271).\n\n - lockref: fix docbook argument names (FATE#317271).\n\n - lockref: Relax in cmpxchg loop (FATE#317271).\n\n - lockref: implement lockless reference count updates\n using cmpxchg() (FATE#317271).\n\n - lockref: uninline lockref helper functions\n (FATE#317271).\n\n - lockref: add lockref_get_or_lock() helper (FATE#317271).\n\n - Add new lockref infrastructure reference implementation\n (FATE#317271).\n\n - vfs: make lremovexattr retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: make removexattr retry once on ESTALE. (bnc#876463)\n\n - vfs: make llistxattr retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: make listxattr retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: make lgetxattr retry once on ESTALE. (bnc#876463)\n\n - vfs: make getxattr retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: allow lsetxattr() to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: allow setxattr to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: allow utimensat() calls to retry once on an ESTALE\n error. 
(bnc#876463)\n\n - vfs: fix user_statfs to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: make fchownat retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: make fchmodat retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: have chroot retry once on ESTALE error.\n (bnc#876463)\n\n - vfs: have chdir retry lookup and call once on ESTALE\n error. (bnc#876463)\n\n - vfs: have faccessat retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: have do_sys_truncate retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: fix renameat to retry on ESTALE errors.\n (bnc#876463)\n\n - vfs: make do_unlinkat retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: make do_rmdir retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: fix linkat to retry once on ESTALE errors.\n (bnc#876463)\n\n - vfs: fix symlinkat to retry on ESTALE errors.\n (bnc#876463)\n\n - vfs: fix mkdirat to retry once on an ESTALE error.\n (bnc#876463)\n\n - vfs: fix mknodat to retry on ESTALE errors. (bnc#876463)\n\n - vfs: add a flags argument to user_path_parent.\n (bnc#876463)\n\n - vfs: fix readlinkat to retry on ESTALE. (bnc#876463)\n\n - vfs: make fstatat retry on ESTALE errors from getattr\n call. (bnc#876463)\n\n - vfs: add a retry_estale helper function to handle\n retries on ESTALE. 
(bnc#876463)\n\n - crypto: s390 - fix aes,des ctr mode concurrency finding\n (bnc#874145, LTC#110078).\n\n - s390/cio: fix unlocked access of global bitmap\n (bnc#874145, LTC#109378).\n\n - s390/css: stop stsch loop after cc 3 (bnc#874145,\n LTC#109378).\n\n - s390/pci: add kmsg man page (bnc#874145, LTC#109224).\n\n - s390/pci/dma: use correct segment boundary size\n (bnc#866081, LTC#104566).\n\n - cio: Fix missing subchannels after CHPID configure on\n (bnc#866081, LTC#104808).\n\n - cio: Fix process hangs during subchannel scan\n (bnc#866081, LTC#104805).\n\n - cio: fix unusable device (bnc#866081, LTC#104168).\n\n - qeth: postpone freeing of qdio memory (bnc#874145,\n LTC#107873).\n\n - Fix race between starved list and device removal.\n (bnc#861636)\n\n - namei.h: include errno.h. (bnc#876463)\n\n - ALSA: hda - Implement bind mixer ctls for Conexant.\n (bnc#872188)\n\n - ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt\n codecs. (bnc#872188)\n\n - ALSA: hda - Fix conflicting Capture Source on cxt\n codecs. (bnc#872188)\n\n - ALSA: usb-audio: Fix NULL dereference while quick\n replugging. (bnc#870335)\n\n - powerpc: Bring all threads online prior to\n migration/hibernation. (bnc#870591)\n\n - powerpc/pseries: Update dynamic cache nodes for\n suspend/resume operation. (bnc#873463)\n\n - powerpc/pseries: Device tree should only be updated once\n after suspend/migrate. (bnc#873463)\n\n - powerpc/pseries: Expose in kernel device tree update to\n drmgr. (bnc#873463)\n\n - powerpc: Add second POWER8 PVR entry. (bnc#874440)\n\n - libata/ahci: accommodate tag ordered controllers.\n (bnc#871728)\n\n - md: try to remove cause of a spinning md thread.\n (bnc#875386)\n\n - md: fix up plugging (again). (bnc#866800)\n\n - NFSv4: Fix a reboot recovery race when opening a file.\n (bnc#864404)\n\n - NFSv4: Ensure delegation recall and byte range lock\n removal do not conflict. (bnc#864404)\n\n - NFSv4: Fix up the return values of\n nfs4_open_delegation_recall. 
(bnc#864404)\n\n - NFSv4.1: Do not lose locks when a server reboots during\n delegation return. (bnc#864404)\n\n - NFSv4.1: Prevent deadlocks between state recovery and\n file locking. (bnc#864404)\n\n - NFSv4: Allow the state manager to mark an open_owner as\n being recovered. (bnc#864404)\n\n - NFS: nfs_inode_return_delegation() should always flush\n dirty data. (bnc#864404)\n\n - NFSv4: nfs_client_return_marked_delegations cannot flush\n data. (bnc#864404)\n\n - NFS: avoid excessive GETATTR request when attributes\n expired but cached directory is valid. (bnc#857926)\n\n - seqlock: add 'raw_seqcount_begin()' function.\n (bnc#864404)\n\n - Allow nfsdv4 to work when fips=1. (bnc#868488)\n\n - NFSv4: Add ACCESS operation to OPEN compound.\n (bnc#870958)\n\n - NFSv4: Fix unnecessary delegation returns in\n nfs4_do_open. (bnc#870958)\n\n - NFSv4: The NFSv4.0 client must send RENEW calls if it\n holds a delegation. (bnc#863873)\n\n - NFSv4: nfs4_proc_renew should be declared static.\n (bnc#863873)\n\n - NFSv4: do not put ACCESS in OPEN compound if O_EXCL.\n (bnc#870958)\n\n - NFS: revalidate on open if dcache is negative.\n (bnc#876463)\n\n - NFSD add module parameter to disable delegations.\n (bnc#876463)\n\n - Do not lose sockets when nfsd shutdown races with\n connection timeout. (bnc#871854)\n\n - timer: Prevent overflow in apply_slack. (bnc#873061)\n\n - mei: me: do not load the driver if the FW does not\n support MEI interface. (bnc#821619)\n\n - ipmi: Reset the KCS timeout when starting error\n recovery. (bnc#870618)\n\n - ipmi: Fix a race restarting the timer. (bnc#870618)\n\n - ipmi: increase KCS timeouts. (bnc#870618)\n\n - bnx2x: Fix kernel crash and data miscompare after EEH\n recovery. (bnc#881761)\n\n - bnx2x: Adapter not recovery from EEH error injection.\n (bnc#881761)\n\n - kabi: hide modifications of struct inet_peer done by\n bnc#867953 fix. 
(bnc#867953)\n\n - inetpeer: prevent unlinking from unused list twice.\n (bnc#867953)\n\n - Ignore selected taints for tracepoint modules\n (bnc#870450, FATE#317134).\n\n - Use 'E' instead of 'X' for unsigned module taint flag\n (bnc#870450,FATE#317134).\n\n - Fix: module signature vs tracepoints: add new\n TAINT_UNSIGNED_MODULE (bnc#870450,FATE#317134).\n\n - xhci: extend quirk for Renesas cards. (bnc#877497)\n\n - scsi: return target failure on EMC inactive snapshot.\n (bnc#840524)\n\n - virtio_balloon: do not softlockup on huge balloon\n changes. (bnc#871899)\n\n - ch: add refcounting. (bnc#867517)\n\n - storvsc: NULL pointer dereference fix. (bnc#865330)\n\n - Unlock the rename_lock in dentry_path() in the case when\n path is too long. (bnc#868748)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=767610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=792271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=821619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=832710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=840524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=847652\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=850915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863410\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=868488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870877\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=873061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=873374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=873463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=874108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=874145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=874440\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=874577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=877775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=879921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=879957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=882324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=883380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=883795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=885725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2929.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4579.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6382.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0055.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0155.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2309.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2523.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2678.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3122.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3144.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3145.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3917.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4508.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4652.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4653.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4655.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4656.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4699.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 9488 / 9491 / 9493 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"kernel-pae-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-source-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-syms-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.35-0.7.45\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:3, cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-source-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-syms-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", 
sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.35-0.7.45\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.35-0.7.45\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-01T02:11:58", "description": "The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs have been fixed 
:\n\nCVE-2015-2041: An information leak in the llc2_timeout_table was fixed (bnc#919007).\n\nCVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251).\n\nCVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818).\n\nCVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422).\n\nCVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n\nCVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391).\n\nCVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) 
drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390).\n\nCVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335).\n\nCVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).\n\nCVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404).\n\nCVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).\n\nCVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779).\n\nCVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote 
attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784).\n\nCVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902).\n\nCVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813).\n\nCVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an 'invalid log first block value' (bnc#730118).\n\nCVE-2011-4127: The Linux kernel did not properly restrict SG_IO ioctl calls, which allowed local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume (bnc#738400).\n\nCVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel did not properly determine the associations between users and sessions, which allowed local users to bypass CIFS share authentication by leveraging a mount of a share by a different user (bnc#687812).\n\nCVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have allowed local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow (bnc#685402).\n\nCVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel did not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain 
privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions (bnc#685402).\n\nCVE-2011-1493: Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket (bnc#681175).\n\nCVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket (bnc#681175).\n\nCVE-2011-4914: The ROSE protocol implementation in the Linux kernel did not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket (bnc#681175).\n\nCVE-2011-1476: Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel on unspecified non-x86 platforms allowed local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer (bnc#681999).\n\nCVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the Linux kernel allowed local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer (bnc#681999).\n\nCVE-2011-1163: The osf_partition function in fs/partitions/osf.c in the Linux kernel 
did not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing (bnc#679812).\n\nCVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel stored NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allowed local users to cause a denial of service (panic) via a crafted attempt to set an ACL (bnc#677286).\n\nCVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654).\n\nCVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325).\n\nCVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490).\n\nCVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490).\n\nCVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number 
(bnc#880484).\n\nCVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (bnc#883795).\n\nCVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call (bnc#883795).\n\nCVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795).\n\nCVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (bnc#883795).\n\nCVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function (bnc#883795).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4020", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-4127", "CVE-2011-4132", "CVE-2011-4913", "CVE-2011-4914", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-3400", "CVE-2012-6657", "CVE-2013-2147", "CVE-2013-4299", "CVE-2013-6405", "CVE-2013-6463", "CVE-2014-0181", "CVE-2014-1874", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3673", "CVE-2014-3917", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9420", "CVE-2014-9584", "CVE-2015-2041"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-kdump", "p-cpe:/a:novell:suse_linux:kernel-kdumppae", "p-cpe:/a:novell:suse_linux:kernel-smp", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vmi", "p-cpe:/a:novell:suse_linux:kernel-vmipae", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xenpae", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2015-0812-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83723", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0812-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83723);\n script_version(\"2.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4020\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1476\", \"CVE-2011-1477\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1585\", \"CVE-2011-4127\", \"CVE-2011-4132\", \"CVE-2011-4913\", \"CVE-2011-4914\", \"CVE-2012-2313\", \"CVE-2012-2319\", \"CVE-2012-3400\", \"CVE-2012-6657\", \"CVE-2013-2147\", \"CVE-2013-4299\", \"CVE-2013-6405\", \"CVE-2013-6463\", \"CVE-2014-0181\", \"CVE-2014-1874\", \"CVE-2014-3184\", \"CVE-2014-3185\", \"CVE-2014-3673\", \"CVE-2014-3917\", \"CVE-2014-4652\", \"CVE-2014-4653\", \"CVE-2014-4654\", \"CVE-2014-4655\", \"CVE-2014-4656\", \"CVE-2014-4667\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-9090\", \"CVE-2014-9322\", \"CVE-2014-9420\", \"CVE-2014-9584\", \"CVE-2015-2041\");\n script_bugtraq_id(46766, 46878, 46935, 47007, 47009, 47185, 47381, 50663, 51176, 53401, 53965, 54279, 60280, 63183, 63999, 64669, 65459, 67034, 67699, 68162, 68163, 68164, 68170, 68224, 69396, 69428, 69768, 69781, 69803, 70883, 71250, 71685, 71717, 71883, 72729);\n\n script_name(english:\"SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs have been fixed :\n\nCVE-2015-2041: A information leak in the llc2_timeout_table was fixed\n(bnc#919007).\n\nCVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not\nproperly handle faults associated with the Stack 
Segment (SS) segment\nregister, which allowed local users to gain privileges by triggering\nan IRET instruction that leads to access to a GS Base address from the\nwrong space (bnc#910251).\n\nCVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c\nin the Linux kernel did not properly handle faults associated with the\nStack Segment (SS) segment register, which allowed local users to\ncause a denial of service (panic) via a modify_ldt system call, as\ndemonstrated by sigreturn_32 in the 1-clock-tests test suite\n(bnc#907818).\n\nCVE-2014-4667: The sctp_association_free function in\nnet/sctp/associola.c in the Linux kernel did not properly manage a\ncertain backlog value, which allowed remote attackers to cause a\ndenial of service (socket outage) via a crafted SCTP packet\n(bnc#885422).\n\nCVE-2014-3673: The SCTP implementation in the Linux kernel allowed\nremote attackers to cause a denial of service (system crash) via a\nmalformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\nnet/sctp/sm_statefuns.c (bnc#902346).\n\nCVE-2014-3185: Multiple buffer overflows in the\ncommand_port_read_callback function in drivers/usb/serial/whiteheat.c\nin the Whiteheat USB Serial Driver in the Linux kernel allowed\nphysically proximate attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and system crash) via a crafted\ndevice that provides a large amount of (1) EHCI or (2) XHCI data\nassociated with a bulk response (bnc#896391).\n\nCVE-2014-3184: The report_fixup functions in the HID subsystem in the\nLinux kernel might have allowed physically proximate attackers to\ncause a denial of service (out-of-bounds write) via a crafted device\nthat provides a small report descriptor, related to (1)\ndrivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\ndrivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\ndrivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n(bnc#896390).\n\nCVE-2014-1874: The 
security_context_to_sid_core function in\nsecurity/selinux/ss/services.c in the Linux kernel allowed local users\nto cause a denial of service (system crash) by leveraging the\nCAP_MAC_ADMIN capability to set a zero-length security context\n(bnc#863335).\n\nCVE-2014-0181: The Netlink implementation in the Linux kernel did not\nprovide a mechanism for authorizing socket operations based on the\nopener of a socket, which allowed local users to bypass intended\naccess restrictions and modify network configurations by using a\nNetlink socket for the (1) stdout or (2) stderr of a setuid program\n(bnc#875051).\n\nCVE-2013-4299: Interpretation conflict in\ndrivers/md/dm-snap-persistent.c in the Linux kernel allowed remote\nauthenticated users to obtain sensitive information or modify data via\na crafted mapping to a snapshot block device (bnc#846404).\n\nCVE-2013-2147: The HP Smart Array controller disk-array driver and\nCompaq SMART2 controller disk-array driver in the Linux kernel did not\ninitialize certain data structures, which allowed local users to\nobtain sensitive information from kernel memory via (1) a crafted\nIDAGETPCIINFO command for a /dev/ida device, related to the\nida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted\nCCISS_PASSTHRU32 command for a /dev/cciss device, related to the\ncciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).\n\nCVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the\nLinux kernel did not ensure that a keepalive action is associated with\na stream socket, which allowed local users to cause a denial of\nservice (system crash) by leveraging the ability to create a raw\nsocket (bnc#896779).\n\nCVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol\nfunction in fs/udf/super.c in the Linux kernel allowed remote\nattackers to cause a denial of service (system crash) or possibly have\nunspecified other impact via a crafted UDF filesystem (bnc#769784).\n\nCVE-2012-2319: 
Multiple buffer overflows in the hfsplus filesystem\nimplementation in the Linux kernel allowed local users to gain\nprivileges via a crafted HFS plus filesystem, a related issue to\nCVE-2009-4020 (bnc#760902).\n\nCVE-2012-2313: The rio_ioctl function in\ndrivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict\naccess to the SIOCSMIIREG command, which allowed local users to write\ndata to an Ethernet adapter via an ioctl call (bnc#758813).\n\nCVE-2011-4132: The cleanup_journal_tail function in the Journaling\nBlock Device (JBD) functionality in the Linux kernel 2.6 allowed local\nusers to cause a denial of service (assertion error and kernel oops)\nvia an ext3 or ext4 image with an 'invalid log first block value'\n(bnc#730118).\n\nCVE-2011-4127: The Linux kernel did not properly restrict SG_IO ioctl\ncalls, which allowed local users to bypass intended restrictions on\ndisk read and write operations by sending a SCSI command to (1) a\npartition block device or (2) an LVM volume (bnc#738400).\n\nCVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c in\nthe Linux kernel did not properly determine the associations between\nusers and sessions, which allowed local users to bypass CIFS share\nauthentication by leveraging a mount of a share by a different user\n(bnc#687812).\n\nCVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function in\ndrivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have\nallowed local users to gain privileges or cause a denial of service\n(memory corruption) via an ioctl call specifying a crafted value that\ntriggers a heap-based buffer overflow (bnc#685402).\n\nCVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel\ndid not validate (1) length and (2) offset values before performing\nmemory copy operations, which might allow local users to gain\nprivileges, cause a denial of service (memory corruption), or obtain\nsensitive information from kernel memory via a crafted ioctl 
call,\nrelated to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions\n(bnc#685402).\n\nCVE-2011-1493: Array index error in the rose_parse_national function\nin net/rose/rose_subr.c in the Linux kernel allowed remote attackers\nto cause a denial of service (heap memory corruption) or possibly have\nunspecified other impact by composing FAC_NATIONAL_DIGIS data that\nspecifies a large number of digipeaters, and then sending this data to\na ROSE socket (bnc#681175).\n\nCVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c\nin the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and\nFAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1) cause\na denial of service (integer underflow, heap memory corruption, and\npanic) via a small length value in data sent to a ROSE socket, or (2)\nconduct stack-based buffer overflow attacks via a large length value\nin data sent to a ROSE socket (bnc#681175).\n\nCVE-2011-4914: The ROSE protocol implementation in the Linux kernel\ndid not verify that certain data-length values are consistent with the\namount of data sent, which might allow remote attackers to obtain\nsensitive information from kernel memory or cause a denial of service\n(out-of-bounds read) via crafted data to a ROSE socket (bnc#681175).\n\nCVE-2011-1476: Integer underflow in the Open Sound System (OSS)\nsubsystem in the Linux kernel on unspecified non-x86 platforms allowed\nlocal users to cause a denial of service (memory corruption) by\nleveraging write access to /dev/sequencer (bnc#681999).\n\nCVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the\nLinux kernel allowed local users to cause a denial of service (heap\nmemory corruption) or possibly gain privileges by leveraging write\naccess to /dev/sequencer (bnc#681999).\n\nCVE-2011-1163: The osf_partition function in fs/partitions/osf.c in\nthe Linux kernel did not properly handle an invalid number of\npartitions, which might allow local users to obtain 
potentially\nsensitive information from kernel heap memory via vectors related to\npartition-table parsing (bnc#679812).\n\nCVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c\nin the Linux kernel stored NFSv4 ACL data in memory that is allocated\nby kmalloc but not properly freed, which allowed local users to cause\na denial of service (panic) via a crafted attempt to set an ACL\n(bnc#677286).\n\nCVE-2014-9584: The parse_rock_ridge_inode_internal function in\nfs/isofs/rock.c in the Linux kernel did not validate a length value in\nthe Extensions Reference (ER) System Use Field, which allowed local\nusers to obtain sensitive information from kernel memory via a crafted\niso9660 image (bnc#912654).\n\nCVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\nLinux kernel did not restrict the number of Rock Ridge continuation\nentries, which allowed local users to cause a denial of service\n(infinite loop, and system crash or hang) via a crafted iso9660 image\n(bnc#911325).\n\nCVE-2014-5471: Stack consumption vulnerability in the\nparse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\nLinux kernel allowed local users to cause a denial of service\n(uncontrolled recursion, and system crash or reboot) via a crafted\niso9660 image with a CL entry referring to a directory entry that has\na CL entry (bnc#892490).\n\nCVE-2014-5472: The parse_rock_ridge_inode_internal function in\nfs/isofs/rock.c in the Linux kernel allowed local users to cause a\ndenial of service (unkillable mount process) via a crafted iso9660\nimage with a self-referential CL entry (bnc#892490).\n\nCVE-2014-3917: kernel/auditsc.c in the Linux kernel, when\nCONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed\nlocal users to obtain potentially sensitive single-bit values from\nkernel memory or cause a denial of service (OOPS) via a large value of\na syscall number (bnc#880484).\n\nCVE-2014-4652: Race condition in the tlv handler functionality in 
the\nsnd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA\ncontrol implementation in the Linux kernel allowed local users to\nobtain sensitive information from kernel memory by leveraging\n/dev/snd/controlCX access (bnc#883795).\n\nCVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c\nin the ALSA control implementation in the Linux kernel did not check\nauthorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed\nlocal users to remove kernel controls and cause a denial of service\n(use-after-free and system crash) by leveraging /dev/snd/controlCX\naccess for an ioctl call (bnc#883795).\n\nCVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c\nin the ALSA control implementation in the Linux kernel did not\nproperly maintain the user_ctl_count value, which allowed local users\nto cause a denial of service (integer overflow and limit bypass) by\nleveraging /dev/snd/controlCX access for a large number of\nSNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795).\n\nCVE-2014-4653: sound/core/control.c in the ALSA control implementation\nin the Linux kernel did not ensure possession of a read/write lock,\nwhich allowed local users to cause a denial of service\n(use-after-free) and obtain sensitive information from kernel memory\nby leveraging /dev/snd/controlCX access (bnc#883795).\n\nCVE-2014-4656: Multiple integer overflows in sound/core/control.c in\nthe ALSA control implementation in the Linux kernel allowed local\nusers to cause a denial of service by leveraging /dev/snd/controlCX\naccess, related to (1) index values in the snd_ctl_add function and\n(2) numid values in the snd_ctl_remove_numid_conflict function\n(bnc#883795).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=677286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=679812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=681175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=681999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=683282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=685402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=687812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=730118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=730200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=738400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=760902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=769784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=823260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=846404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=853040\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=854722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=863335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=874307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=875051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=883223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=883795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=885422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=892490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910251\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911325\"\n );\n # https://download.suse.com/patch/finder/?keywords=15c960abc4733df91b510dfe4ba2ac6d\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c2a8dc0\"\n );\n # https://download.suse.com/patch/finder/?keywords=2a99948c9c3be4a024a9fa4d408002be\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb8d1095\"\n );\n # https://download.suse.com/patch/finder/?keywords=53c468d2b277f3335fcb5ddb08bda2e4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e08f301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1090/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1476/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1477/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1493/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1494/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1495/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-1585/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-4127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-4132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-4913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2011-4914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-2313/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-2319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-3400/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-2147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-6405/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-6463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0181/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-1874/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-4654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9090/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9322/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2041/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150812-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e1e8d12\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kdumppae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vmipae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-bigsmp-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-kdumppae-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-vmi-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-vmipae-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xenpae-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"kernel-default-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"kernel-source-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"kernel-syms-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", 
reference:\"kernel-bigsmp-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.132.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.132.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:53:15", "description": "An information leak was discovered in the Linux kernel when built with the \nNetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol \n(NF_NAT_IRC). A remote attacker could exploit this flaw to obtain \npotentially sensitive kernel information when communicating over a client- \nto-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A \nlocal users with write access to an NFS share could exploit this flaw to \nobtain potential sensative information from kernel memory. 
(CVE-2014-2038)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (Saucy HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2038", "CVE-2014-1690", "CVE-2014-1874"], "modified": "2014-03-07T00:00:00", "id": "USN-2137-1", "href": "https://ubuntu.com/security/notices/USN-2137-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-04T12:52:57", "description": "An information leak was discovered in the Linux kernel when built with the \nNetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol \n(NF_NAT_IRC). A remote attacker could exploit this flaw to obtain \npotentially sensitive kernel information when communicating over a client- \nto-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A \nlocal user with write access to an NFS share could exploit this flaw to \nobtain potentially sensitive information from kernel memory. 
(CVE-2014-2038)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2038", "CVE-2014-1690", "CVE-2014-1874"], "modified": "2014-03-07T00:00:00", "id": "USN-2140-1", "href": "https://ubuntu.com/security/notices/USN-2140-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-04T12:52:59", "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. 
(CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6368", "CVE-2014-1874", "CVE-2013-4579", "CVE-2013-7339", "CVE-2014-1446", "CVE-2014-1438"], "modified": "2014-03-07T00:00:00", "id": "USN-2133-1", "href": "https://ubuntu.com/security/notices/USN-2133-1", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:52:59", "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). 
\n(CVE-2013-6368)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). 
\n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6368", "CVE-2014-1874", "CVE-2013-4579", "CVE-2013-7339", "CVE-2014-1446", "CVE-2014-1438"], "modified": "2014-03-07T00:00:00", "id": "USN-2134-1", "href": "https://ubuntu.com/security/notices/USN-2134-1", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:53:03", "description": "An information leak was discovered in the Linux kernel when inotify is used \nto monitor the /dev/ptmx device. A local user could exploit this flaw to \ndiscover keystroke timing and potentially discover sensitive information \nlike password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel's implementation of \nptrace. An unprivileged local user could exploit this flaw to obtain \nsensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. 
\n(CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec \nAACRAID scsi raid devices in the Linux kernel. A local user could use this \nflaw to cause a denial of service or possibly other unspecified impact. \n(CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel's radiotap header \nparsing. A remote attacker could cause a denial of service (buffer over- \nread) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. 
(CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel's SIOCWANDEV ioctl \ncall. A local user with the CAP_NET_ADMIN capability could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function the \nLinux kernel. A local user could exploit this flaw to obtain potentially \nsensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). 
\n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-05T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6382", "CVE-2013-2929", "CVE-2013-7027", "CVE-2013-7270", "CVE-2014-1874", "CVE-2013-0160", "CVE-2013-7268", "CVE-2014-1444", "CVE-2014-1446", "CVE-2013-7271", "CVE-2013-7266", "CVE-2014-1445", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-6380", "CVE-2013-7269", "CVE-2013-6367"], "modified": "2014-03-05T00:00:00", "id": "USN-2128-1", "href": "https://ubuntu.com/security/notices/USN-2128-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:53:03", "description": "An information leak was discovered in the Linux kernel when inotify is used \nto monitor the /dev/ptmx device. A local user could exploit this flaw to \ndiscover keystroke timing and potentially discover sensitive information \nlike password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel's implementation of \nptrace. An unprivileged local user could exploit this flaw to obtain \nsensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. 
(CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec \nAACRAID scsi raid devices in the Linux kernel. A local user could use this \nflaw to cause a denial of service or possibly other unspecified impact. \n(CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel's radiotap header \nparsing. A remote attacker could cause a denial of service (buffer over- \nread) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. 
A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel's SIOCWANDEV ioctl \ncall. A local user with the CAP_NET_ADMIN capability could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function the \nLinux kernel. A local user could exploit this flaw to obtain potentially \nsensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). 
\n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-06T00:00:00", "type": "ubuntu", "title": "Linux kernel (EC2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6382", "CVE-2013-2929", "CVE-2013-7027", "CVE-2013-7270", "CVE-2014-1874", "CVE-2013-0160", "CVE-2013-7268", "CVE-2014-1444", "CVE-2014-1446", "CVE-2013-7271", "CVE-2013-7266", "CVE-2014-1445", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-6380", "CVE-2013-7269", "CVE-2013-6367"], "modified": "2014-03-06T00:00:00", "id": "USN-2129-1", "href": "https://ubuntu.com/security/notices/USN-2129-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:52:56", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. 
A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. 
(CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). 
\n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6382", "CVE-2013-6368", "CVE-2013-7265", "CVE-2013-7270", "CVE-2014-1874", "CVE-2013-4579", "CVE-2013-7264", "CVE-2013-7268", "CVE-2014-1446", "CVE-2013-7271", "CVE-2013-7266", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6367"], "modified": "2014-03-07T00:00:00", "id": "USN-2139-1", "href": "https://ubuntu.com/security/notices/USN-2139-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:52:57", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. 
\n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. 
A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. 
A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6382", "CVE-2013-6368", "CVE-2013-7265", "CVE-2013-7270", "CVE-2014-1874", "CVE-2013-4579", "CVE-2013-7264", "CVE-2013-7268", "CVE-2014-1446", "CVE-2013-7271", "CVE-2013-7266", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6367"], "modified": "2014-03-07T00:00:00", "id": "USN-2138-1", "href": "https://ubuntu.com/security/notices/USN-2138-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:52:59", "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem of the Linux kernel. 
A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. 
A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. 
(CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (Quantal HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-7266", "CVE-2013-6368", "CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7268", "CVE-2013-6367", "CVE-2013-7270", "CVE-2013-7339", "CVE-2013-7271", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-6382", "CVE-2013-4579", "CVE-2013-7281", "CVE-2014-1438", "CVE-2013-7269", "CVE-2013-7263"], "modified": "2014-03-07T00:00:00", "id": "USN-2135-1", "href": "https://ubuntu.com/security/notices/USN-2135-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:52:55", "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. 
(CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. 
(CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. 
A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). \n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-7266", "CVE-2013-6368", "CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7268", "CVE-2013-6367", "CVE-2013-7270", "CVE-2013-7339", "CVE-2013-7271", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-6382", "CVE-2013-4579", "CVE-2013-7281", "CVE-2014-1438", "CVE-2013-7269", "CVE-2013-7263"], "modified": "2014-03-07T00:00:00", "id": "USN-2141-1", "href": "https://ubuntu.com/security/notices/USN-2141-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:52:58", "description": "Mathy Vanhoef discovered an error in the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing attack. 
(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the \nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user \ncould exploit this flaw to cause a denial of service (host OS crash). \n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec \nAACRAID scsi raid devices in the Linux kernel. A local user could use this \nflaw to cause a denial of service or possibly other unspecified impact. \n(CVE-2013-6380)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. 
(CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. 
\n(CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux \nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN \ncapability (and the SELinux mac_admin permission if running in enforcing \nmode) could exploit this flaw to cause a denial of service (kernel crash). 
\n(CVE-2014-1874)\n", "cvss3": {}, "published": "2014-03-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raring HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6376", "CVE-2013-7266", "CVE-2013-6368", "CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7268", "CVE-2013-6380", "CVE-2013-6367", "CVE-2013-7270", "CVE-2013-7339", "CVE-2013-7271", "CVE-2013-4587", "CVE-2013-7267", "CVE-2013-4579", "CVE-2013-7281", "CVE-2014-1438", "CVE-2013-7269", "CVE-2013-7263"], "modified": "2014-03-07T00:00:00", "id": "USN-2136-1", "href": "https://ubuntu.com/security/notices/USN-2136-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:17:24", "description": "Check for the Version of linux", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2140-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-2038", "CVE-2014-1690"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841737", "href": "http://plugins.openvas.org/nasl.php?oid=841737", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2140_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux USN-2140-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841737);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:30:54 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for linux USN-2140-1\");\n\n tag_insight = \"An information leak was discovered in the Linux kernel when\nbuilt with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC\nprotocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain\npotentially sensitive kernel information when communicating over a client-\nto-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. 
A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A\nlocal users with write access to an NFS share could exploit this flaw to\nobtain potential sensative information from kernel memory. (CVE-2014-2038)\";\n\n tag_affected = \"linux on Ubuntu 13.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2140-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2140-1/\");\n script_summary(\"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic\", ver:\"3.11.0-18.32\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic-lpae\", ver:\"3.11.0-18.32\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, 
{"lastseen": "2020-08-29T06:19:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-saucy USN-2137-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-2038", "CVE-2014-1690"], "modified": "2019-05-24T00:00:00", "id": "OPENVAS:1361412562310841736", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-saucy USN-2137-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841736\");\n script_version(\"2019-05-24T11:20:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-24 11:20:30 +0000 (Fri, 24 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:30:13 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for linux-lts-saucy USN-2137-1\");\n\n script_tag(name:\"affected\", value:\"linux-lts-saucy on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the Linux kernel when\nbuilt with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC\nprotocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain\npotentially sensitive kernel information when communicating over a client-\nto-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A\nlocal users with write access to an NFS share could exploit this flaw to\nobtain potential sensitive information from kernel memory. 
(CVE-2014-2038)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2137-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2137-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-saucy'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic\", ver:\"3.11.0-18.32~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic-lpae\", ver:\"3.11.0-18.32~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-29T06:20:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2140-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-2038", "CVE-2014-1690"], "modified": "2019-05-24T00:00:00", "id": "OPENVAS:1361412562310841737", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841737", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2140-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841737\");\n script_version(\"2019-05-24T11:20:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-24 11:20:30 +0000 (Fri, 24 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:30:54 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for linux USN-2140-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 13.10\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the Linux kernel when\nbuilt with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC\nprotocol (NF_NAT_IRC). 
A remote attacker could exploit this flaw to obtain\npotentially sensitive kernel information when communicating over a client-\nto-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A\nlocal users with write access to an NFS share could exploit this flaw to\nobtain potential sensitive information from kernel memory. (CVE-2014-2038)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2140-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2140-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic\", ver:\"3.11.0-18.32\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic-lpae\", ver:\"3.11.0-18.32\", 
rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:17:04", "description": "Check for the Version of linux-lts-saucy", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-saucy USN-2137-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-2038", "CVE-2014-1690"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841736", "href": "http://plugins.openvas.org/nasl.php?oid=841736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2137_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux-lts-saucy USN-2137-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841736);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:30:13 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-1690\", \"CVE-2014-1874\", \"CVE-2014-2038\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for linux-lts-saucy USN-2137-1\");\n\n tag_insight = \"An information leak was discovered in the Linux kernel when\nbuilt with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC\nprotocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain\npotentially sensitive kernel information when communicating over a client-\nto-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\n\nAn information leak was discovered in the Linux kernel's NFS filesystem. A\nlocal user with write access to an NFS share could exploit this flaw to\nobtain potentially sensitive information from kernel memory. 
(CVE-2014-2038)\";\n\n tag_affected = \"linux-lts-saucy on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2137-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2137-1/\");\n script_summary(\"Check for the Version of linux-lts-saucy\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic\", ver:\"3.11.0-18.32~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-18-generic-lpae\", ver:\"3.11.0-18.32~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:53", "description": "Oracle Linux Local Security Checks ELSA-2014-3042", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3042", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738"], "modified": 
"2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123390", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3042.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123390\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:10 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3042\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3042 - unbreakable enterprise kernel security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3042\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3042.html\");\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2013-6378\", \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) 
!= NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "description": "Oracle Linux Local Security Checks ELSA-2014-3043", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3043", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123388", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3043.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123388\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:08 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3043\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3043 - unbreakable enterprise kernel security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3043\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3043.html\");\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2013-6378\", \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != 
NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~400.36.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.36.3.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.36.3.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.36.3.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.36.3.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n 
exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~400.36.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.36.3.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.36.3.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.36.3.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.36.3.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-29T06:20:59", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7265", "CVE-2014-1874", "CVE-2013-7263", "CVE-2014-0069"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120008", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# 
modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120008\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:14:47 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-289)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Linux Kernel. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system. 
You will need to reboot your system in order for the new kernel to be running.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-289.html\");\n script_cve_id(\"CVE-2013-7265\", \"CVE-2014-1874\", \"CVE-2013-7263\", \"CVE-2014-0069\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.4.82~69.112.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T17:43:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2134-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310841738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841738", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2134-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841738\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:31:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2134-1\");\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Mathy Vanhoef discovered an error in the the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. 
A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2134-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2134-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1444-omap4\", ver:\"3.2.0-1444.63\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:16:24", "description": "Check for the Version of linux", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2133-1", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841734", "href": "http://plugins.openvas.org/nasl.php?oid=841734", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2133_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux USN-2133-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841734);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:29:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2133-1\");\n\n tag_insight = \"Mathy Vanhoef discovered an 
error in the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. 
A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\";\n\n tag_affected = \"linux on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2133-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2133-1/\");\n script_summary(\"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic-pae\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-highbank\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-omap\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc64-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-virtual\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:25", "description": "Check for the Version of linux-ti-omap4", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2134-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841738", "href": "http://plugins.openvas.org/nasl.php?oid=841738", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2134_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-2134-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841738);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:31:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2134-1\");\n\n tag_insight = \"Mathy Vanhoef discovered an error in the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. 
(CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2134-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2134-1/\");\n script_summary(\"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1444-omap4\", ver:\"3.2.0-1444.63\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-11T17:43:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2133-1", "bulletinFamily": "scanner", "cvss2": 
{}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2014-1438"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310841734", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841734", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2133-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841734\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:29:51 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2013-4579\", \"CVE-2013-6368\", \"CVE-2014-1438\", \"CVE-2014-1446\",\n \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2133-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n 
script_tag(name:\"insight\", value:\"Mathy Vanhoef discovered an error in the way the ath9k\ndriver was handling the BSSID masking. A remote attacker could exploit this\nerror to discover the original MAC address after a spoofing attack.\n(CVE-2013-4579)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on AMD\nbased systems to cause a denial of service (task kill) or possibly gain\nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information from\nkernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux\nkernel when SELinux support is enabled. 
A local user with the CAP_MAC_ADMIN\ncapability (and the SELinux mac_admin permission if running in enforcing\nmode) could exploit this flaw to cause a denial of service (kernel crash).\n(CVE-2014-1874)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2133-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2133-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-generic-pae\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-highbank\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-omap\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-powerpc64-smp\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-60-virtual\", ver:\"3.2.0-60.91\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-23T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2014:0771-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-2039", "CVE-2014-3153", "CVE-2014-0203"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2014:0771-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871192\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 16:59:24 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\",\n \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-3153\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2014:0771-01\");\n\n\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n * A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. 
A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n * It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n * It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as is\nexpected for procfs symbolic links, which could lead to excessive freeing\nof memory and consequent slab corruption. A local, unprivileged user could\nuse this flaw to crash the system. (CVE-2014-0203, Moderate)\n\n * A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM S/390\nsystems, a local, unprivileged user could use this flaw to crash the\nsystem. (CVE-2014-2039, Moderate)\n\n * An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able to\nwrite to a file that is provided by the libertas driver and located on the\ndebug file system (debugfs) could use this flaw to crash the system. Note:\nThe debugfs file system must be mounted locally to exploit this issue.\nIt is not mounted by default. (CVE-2013-6378, Low)\n\n * A denial of service flaw was discovered in the way the Linux kernel's\nSELinux implementation handled files with an empty SELinux security\ncontext. A local user who has the CAP_MAC_ADMIN capability could use this\nflaw to crash the system. 
(CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, Matthew Daley for reporting CVE-2014-173 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0771-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00041.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", 
rpm:\"kernel-debuginfo~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~431.20.3.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-05-29T18:37:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-23T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2014:0771 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-2039", "CVE-2014-3153", "CVE-2014-0203"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881955", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2014:0771 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881955\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 15:31:16 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1737\", \"CVE-2014-1738\",\n \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-3153\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for kernel CESA-2014:0771 centos6\");\n\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any\nLinux operating system.\n\n * A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n * A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n * It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. 
A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n * It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as is\nexpected for procfs symbolic links, which could lead to excessive freeing\nof memory and consequent slab corruption. A local, unprivileged user could\nuse this flaw to crash the system. (CVE-2014-0203, Moderate)\n\n * A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM S/390\nsystems, a local, unprivileged user could use this flaw to crash the\nsystem. (CVE-2014-2039, Moderate)\n\n * An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able to\nwrite to a file that is provided by the libertas driver and located on the\ndebug file system (debugfs) could use this flaw to crash the system. Note:\nThe debugfs file system must be mounted locally to exploit this issue.\nIt is not mounted by default. (CVE-2013-6378, Low)\n\n * A denial of service flaw was discovered in the way the Linux kernel's\nSELinux implementation handled files with an empty SELinux security\ncontext. A local user who has the CAP_MAC_ADMIN capability could use this\nflaw to crash the system. (CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738,\nand Vladimir Davydov of Parallels for reporting CVE-2014-0203. 
Google\nacknowledges Pinkie Pie as th ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0771\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020379.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~431.20.3.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Oracle Linux Local Security Checks ELSA-2014-0771", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0771", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1737", "CVE-2013-6378", "CVE-2014-1874", "CVE-2014-1738", "CVE-2014-2039", "CVE-2014-3153", "CVE-2014-0203"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0771.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the 
Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123391\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0771\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0771 - kernel security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0771\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0771.html\");\n script_cve_id(\"CVE-2014-3153\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2013-6378\", \"CVE-2014-0203\", \"CVE-2014-1874\", \"CVE-2014-2039\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~431.20.3.el6\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~431.20.3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:59", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2014-2576", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-6376", "CVE-2014-1438", "CVE-2013-4587", "CVE-2014-0069"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867522", "href": "http://plugins.openvas.org/nasl.php?oid=867522", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2014-2576\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867522);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:07 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0069\", \"CVE-2014-1874\", \"CVE-2014-1446\", \"CVE-2014-1438\",\n \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6376\", \"CVE-2013-6368\",\n \"CVE-2013-6367\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kernel FEDORA-2014-2576\");\n\n tag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\nLinux operating system. 
The kernel handles the basic functions\nof the operating system: memory allocation, process allocation, device\ninput and output, etc.\n\";\n\n tag_affected = \"kernel on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2576\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128498.html\");\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.13.3~201.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:26", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2014-2576", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1874", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-6376", "CVE-2014-1438", "CVE-2013-4587", "CVE-2014-0069"], "modified": "2019-03-15T00:00:00", 
"id": "OPENVAS:1361412562310867522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867522", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2014-2576\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867522\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:07 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0069\", \"CVE-2014-1874\", \"CVE-2014-1446\", \"CVE-2014-1438\",\n \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6376\", \"CVE-2013-6368\",\n \"CVE-2013-6367\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kernel FEDORA-2014-2576\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2576\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128498.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\nin