Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak
2014-04-27T00:00:00
ID DEBIAN_DSA-2906.NASL Type nessus Reporter Tenable Modified 2018-11-10T00:00:00
Description
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :
CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.
CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.
CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.
CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.
CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.
CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.
CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.
CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.
CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.
CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.
CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).
CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.
CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.
CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.
CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.
CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.
CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.
CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).
CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.
Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.
CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.
CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.
CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.
CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.
CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2906. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
script_id(73713);
script_version("1.7");
script_cvs_date("Date: 2018/11/10 11:49:36");
script_cve_id("CVE-2013-0343", "CVE-2013-2147", "CVE-2013-2889", "CVE-2013-2893", "CVE-2013-2929", "CVE-2013-4162", "CVE-2013-4299", "CVE-2013-4345", "CVE-2013-4512", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6381", "CVE-2013-6382", "CVE-2013-6383", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7339", "CVE-2014-0101", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2523");
script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);
script_xref(name:"DSA", value:"2906");
script_name(english:"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, information leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems :
- CVE-2013-0343
George Kargiotakis reported an issue in the temporary
address handling of the IPv6 privacy extensions. Users
on the same LAN can cause a denial of service or obtain
access to sensitive information by sending router
advertisement messages that cause temporary address
generation to be disabled.
- CVE-2013-2147
Dan Carpenter reported issues in the cpqarray driver for
Compaq Smart2 Controllers and the cciss driver for HP
Smart Array controllers allowing users to gain access to
sensitive kernel memory.
- CVE-2013-2889
Kees Cook discovered missing input sanitization in the
HID driver for Zeroplus game pads that could lead to a
local denial of service.
- CVE-2013-2893
Kees Cook discovered that missing input sanitization in
the HID driver for various Logitech force feedback
devices could lead to a local denial of service.
- CVE-2013-2929
Vasily Kulikov discovered that a flaw in the
get_dumpable() function of the ptrace subsytsem could
lead to information disclosure. Only systems with the
fs.suid_dumpable sysctl set to a non-default value of
'2' are vulnerable.
- CVE-2013-4162
Hannes Frederic Sowa discovered that incorrect handling
of IPv6 sockets using the UDP_CORK option could result
in denial of service.
- CVE-2013-4299
Fujitsu reported an issue in the device-mapper
subsystem. Local users could gain access to sensitive
kernel memory.
- CVE-2013-4345
Stephan Mueller found in bug in the ANSI pseudo random
number generator which could lead to the use of less
entropy than expected.
- CVE-2013-4512
Nico Golde and Fabian Yamaguchi reported an issue in the
user mode linux port. A buffer overflow condition exists
in the write method for the /proc/exitcode file. Local
users with sufficient privileges allowing them to write
to this file could gain further elevated privileges.
- CVE-2013-4587
Andrew Honig of Google reported an issue in the KVM
virtualization subsystem. A local user could gain
elevated privileges by passing a large vcpu_id
parameter.
- CVE-2013-6367
Andrew Honig of Google reported an issue in the KVM
virtualization subsystem. A divide-by-zero condition
could allow a guest user to cause a denial of service on
the host (crash).
- CVE-2013-6380
Mahesh Rajashekhara reported an issue in the aacraid
driver for storage products from various vendors. Local
users with CAP_SYS_ADMIN privileges could gain further
elevated privileges.
- CVE-2013-6381
Nico Golde and Fabian Yamaguchi reported an issue in the
Gigabit Ethernet device support for s390 systems. Local
users could cause a denial of service or gain elevated
privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.
- CVE-2013-6382
Nico Golde and Fabian Yamaguchi reported an issue in the
XFS filesystem. Local users with CAP_SYS_ADMIN
privileges could gain further elevated privileges.
- CVE-2013-6383
Dan Carpenter reported an issue in the aacraid driver
for storage devices from various vendors. A local user
could gain elevated privileges due to a missing
privilege level check in the aac_compat_ioctl function.
- CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
mpb reported an information leak in the recvfrom,
recvmmsg and recvmsg system calls. A local user could
obtain access to sensitive kernel memory.
- CVE-2013-7339
Sasha Levin reported an issue in the RDS network
protocol over Infiniband. A local user could cause a
denial of service condition.
- CVE-2014-0101
Nokia Siemens Networks reported an issue in the SCTP
network protocol subsystem. Remote users could cause a
denial of service (NULL pointer dereference).
- CVE-2014-1444
Salva Peiro reported an issue in the FarSync WAN driver.
Local users with the CAP_NET_ADMIN capability could gain
access to sensitive kernel memory.
- CVE-2014-1445
Salva Peiro reported an issue in the wanXL serial card
driver. Local users could gain access to sensitive
kernel memory.
- CVE-2014-1446
Salva Peiro reported an issue in the YAM radio modem
driver. Local users with the CAP_NET_ADMIN capability
could gain access to sensitive kernel memory.
- CVE-2014-1874
Matthew Thode reported an issue in the SELinux
subsystem. A local user with CAP_MAC_ADMIN privileges
could cause a denial of service by setting an empty
security context on a file.
- CVE-2014-2039
Martin Schwidefsky reported an issue on s390 systems. A
local user could cause a denial of service (kernel oops)
by executing an application with a linkage stack
instruction.
- CVE-2014-2523
Daniel Borkmann provided a fix for an issue in the
nf_conntrack_dccp module. Remote users could cause a
denial of service (system crash) or potentially gain
elevated privileges."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-0343"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-2147"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-2889"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-2893"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-2929"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-4162"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-4299"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-4345"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-4512"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-4587"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-6367"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-6380"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-6381"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-6382"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-6383"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-7263"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-7264"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-7265"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-7339"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-0101"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-1444"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-1445"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-1446"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-1874"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-2039"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-2523"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze/linux-2.6"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2014/dsa-2906"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the linux-2.6 and user-mode-linux packages.
For the oldstable distribution (squeeze), this problem has been fixed
in version 2.6.32-48squeeze5.
The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update :
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze5
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-4kc-malta", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-5kc-malta", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-armel", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-ia64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mips", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mipsel", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-powerpc", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-s390", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-sparc", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-iop32x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-itanium", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-ixp4xx", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-kirkwood", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-mckinley", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-orion5x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc-smp", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r4k-ip22", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-cobalt", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-ip32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-s390x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64-smp", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-versatile", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-itanium", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-mckinley", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-s390x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-sparc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-4kc-malta", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-5kc-malta", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-iop32x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-itanium", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-ixp4xx", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-kirkwood", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-mckinley", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-orion5x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc-smp", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r4k-ip22", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-cobalt", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-ip32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x-tape", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64-smp", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-versatile", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-itanium", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-mckinley", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-s390x", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-sparc64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-48squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DSA-2906.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "published": "2014-04-27T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "reporter": "Tenable", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "type": "nessus", "lastseen": "2019-02-21T01:21:06", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "6523cb485409f96fdfb816fc833b7f24187a022b4bac04dbbc723e4669a7214f", "hashmap": [{"hash": "5ca8cb7abf944e890fd8be8e6cdc6924", "key": "sourceData"}, {"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "30cfce173c24658c0a8b5dd2a9dd2e94", "key": "references"}, {"hash": "6b29a192a1eb45d87374d0411ad5b8b3", "key": "modified"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2017-10-29T13:32:53", "modified": "2016-05-26T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "http://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/26 15:53:38 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_osvdb_id(90811, 94027, 95614, 96766, 96774, 98017, 98634, 99323, 99324, 100241, 100292, 100293, 100296, 100422, 100984, 100985, 101784, 101787, 102446, 102498, 102499, 102931, 103580, 104004, 104658, 104894);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 4}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:32:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:18:19", "references": [{"idList": ["SUSE-SU-2014:0696-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-2906-1:5B9FC"], "type": "debian"}, {"idList": ["RHSA-2014:0159"], "type": "redhat"}, {"idList": ["CESA-2014:0159"], "type": "centos"}, {"idList": ["UBUNTU_USN-2108-1.NASL", "FEDORA_2013-22695.NASL", "FEDORA_2013-22669.NASL", "ALA_ALAS-2013-258.NASL", "SL_20140211_KERNEL_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2014-0159.NASL", "REDHAT-RHSA-2014-0159.NASL", "CENTOS_RHSA-2014-0159.NASL", "UBUNTU_USN-2107-1.NASL", "UBUNTU_USN-2016-1.NASL"], "type": "nessus"}, {"idList": ["ELSA-2014-0159", "ELSA-2014-3009", "ELSA-2014-3011", "ELSA-2014-3010"], "type": "oraclelinux"}, {"idList": ["USN-2129-1", "USN-2015-1", "USN-2135-1", "USN-2128-1", "USN-2110-1", "USN-2016-1", "USN-2108-1", "USN-2141-1", "USN-2107-1"], "type": "ubuntu"}, {"idList": ["SOL15983", "F5:K15317", "SOL15984", "SOL15317"], "type": "f5"}, {"idList": ["CVE-2013-7265", "CVE-2013-6383", "CVE-2013-7264", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-7263", "CVE-2013-6380", "CVE-2013-6381", "CVE-2013-2889"], "type": "cve"}, {"idList": ["OPENVAS:881879", "OPENVAS:1361412562310841718", "OPENVAS:1361412562310702906", "OPENVAS:841723", "OPENVAS:841718", "OPENVAS:1361412562310881879", "OPENVAS:702906", "OPENVAS:1361412562310851057", "OPENVAS:841620", "OPENVAS:871125"], "type": "openvas"}, {"idList": ["SECURITYVULNS:DOC:29993"], "type": "securityvulns"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "ab7d16cfde231de53ee2b4cd5aa8b83df50a5c3dab956f4d1735315af05dd564", "hashmap": [{"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "76273ab7ca0059eb29d7bdacf2129f97", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "d730396af1ea1f81e04c4f04d72d9aba", "key": "references"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "f8899138369b180a17db4789c0968770", "key": "sourceData"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2019-01-16T20:18:19", "modified": "2018-11-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 6}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:18:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "5e2fb87ab3b886a93f261cadfe740bade3722e836f918236dd6a8866c95544b8", "hashmap": [{"hash": "005d827ed783355dc1a0c510b47ba74f", "key": "sourceData"}, {"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "30cfce173c24658c0a8b5dd2a9dd2e94", "key": "references"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2018-07-10T05:28:25", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "http://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-10T05:28:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e429ff1a26a8eba67a988e84902892a48d9161d8e85108fe5a6b2e52ba1a80ea", "hashmap": [{"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "d730396af1ea1f81e04c4f04d72d9aba", "key": "references"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "f8899138369b180a17db4789c0968770", "key": "sourceData"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2018-11-11T12:38:40", "modified": "2018-11-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 6}, "differentElements": ["description"], "edition": 7, "lastseen": "2018-11-11T12:38:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "35e72304f3dea759293f91b2fb8261205926c7124336e0651df9fcc7129966e9", "hashmap": [{"hash": "005d827ed783355dc1a0c510b47ba74f", "key": "sourceData"}, {"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "30cfce173c24658c0a8b5dd2a9dd2e94", "key": "references"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2018-08-30T19:29:40", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "http://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:29:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 1, "enchantments": {}, "hash": "cdc0147e960c7bc39d7de534179c6ab4ad1a97ea74d1f5a0084df1eab243f1ac", "hashmap": [{"hash": "5ca8cb7abf944e890fd8be8e6cdc6924", "key": "sourceData"}, {"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "30cfce173c24658c0a8b5dd2a9dd2e94", "key": "references"}, {"hash": "6b29a192a1eb45d87374d0411ad5b8b3", "key": "modified"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2016-09-26T17:23:02", "modified": "2016-05-26T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "http://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/26 15:53:38 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_osvdb_id(90811, 94027, 95614, 96766, 96774, 98017, 98634, 99323, 99324, 100241, 100292, 100293, 100296, 100422, 100984, 100985, 101784, 101787, 102446, 102498, 102499, 102931, 103580, 104004, 104658, 104894);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "5e2fb87ab3b886a93f261cadfe740bade3722e836f918236dd6a8866c95544b8", "hashmap": [{"hash": "005d827ed783355dc1a0c510b47ba74f", "key": "sourceData"}, {"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "30cfce173c24658c0a8b5dd2a9dd2e94", "key": "references"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2018-09-01T23:32:42", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "http://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 6}, "differentElements": ["sourceData"], "edition": 5, "lastseen": "2018-09-01T23:32:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "cvelist": ["CVE-2013-4345", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2014-1874", "CVE-2013-2147", "CVE-2013-4162", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-6367", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6380", "CVE-2013-0343", "CVE-2013-4587", "CVE-2013-6381", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2013-4299", "CVE-2013-2889", "CVE-2013-2893"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled.\n\n - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory.\n\n - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service.\n\n - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service.\n\n - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable.\n\n - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service.\n\n - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory.\n\n - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected.\n\n - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges.\n\n - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter.\n\n - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash).\n\n - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges.\n\n - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory.\n\n - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition.\n\n - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference).\n\n - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory.\n\n - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory.\n\n - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file.\n\n - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction.\n\n - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "74a1d89f6c8383fe9a8c48885b11d99128ff851d0248d98437fe3036d2178229", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "5451a2e67c6ca21201267722d542565a", "key": "href"}, {"hash": "cada2d753410f858cebde745dc1f1b23", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "30cfce173c24658c0a8b5dd2a9dd2e94", "key": "references"}, {"hash": "46e7b9280352265888a576e97596d10d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f8899138369b180a17db4789c0968770", "key": "sourceData"}, {"hash": "12d8639fbad85eb25e01b9289180275a", "key": "published"}, {"hash": "9d64d19ab74f3171c6a34437e0b13049", "key": "cpe"}, {"hash": "1939076eacdd6eec877930b88a9bedbe", "key": "title"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "f00f0df6b18543fdd2463c73059ce5bf", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73713", "id": "DEBIAN_DSA-2906.NASL", "lastseen": "2018-11-11T08:18:44", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "73713", "published": "2014-04-27T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2013-2889", "https://security-tracker.debian.org/tracker/CVE-2013-7263", "https://security-tracker.debian.org/tracker/CVE-2014-2039", "https://security-tracker.debian.org/tracker/CVE-2014-1446", "https://security-tracker.debian.org/tracker/CVE-2013-6380", "https://security-tracker.debian.org/tracker/CVE-2013-6382", "https://security-tracker.debian.org/tracker/CVE-2013-6383", "https://security-tracker.debian.org/tracker/CVE-2013-0343", "http://www.debian.org/security/2014/dsa-2906", "https://security-tracker.debian.org/tracker/CVE-2013-2893", "https://security-tracker.debian.org/tracker/CVE-2013-6381", "https://security-tracker.debian.org/tracker/CVE-2014-2523", "https://security-tracker.debian.org/tracker/CVE-2014-1445", "https://security-tracker.debian.org/tracker/CVE-2013-7339", "https://packages.debian.org/source/squeeze/linux-2.6", "https://security-tracker.debian.org/tracker/CVE-2013-4345", "https://security-tracker.debian.org/tracker/CVE-2013-4299", "https://security-tracker.debian.org/tracker/CVE-2014-0101", "https://security-tracker.debian.org/tracker/CVE-2013-4512", "https://security-tracker.debian.org/tracker/CVE-2013-4587", "https://security-tracker.debian.org/tracker/CVE-2013-7264", "https://security-tracker.debian.org/tracker/CVE-2013-2929", "https://security-tracker.debian.org/tracker/CVE-2014-1444", "https://security-tracker.debian.org/tracker/CVE-2013-6367", "https://security-tracker.debian.org/tracker/CVE-2013-2147", "https://security-tracker.debian.org/tracker/CVE-2014-1874", "https://security-tracker.debian.org/tracker/CVE-2013-7265", "https://security-tracker.debian.org/tracker/CVE-2013-4162"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "viewCount": 6}, "differentElements": ["references", "modified"], "edition": 6, "lastseen": "2018-11-11T08:18:44"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "9d64d19ab74f3171c6a34437e0b13049"}, {"key": "cvelist", "hash": "46e7b9280352265888a576e97596d10d"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "f00f0df6b18543fdd2463c73059ce5bf"}, {"key": "href", "hash": "5451a2e67c6ca21201267722d542565a"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "cada2d753410f858cebde745dc1f1b23"}, {"key": "published", "hash": "12d8639fbad85eb25e01b9289180275a"}, {"key": "references", "hash": "d730396af1ea1f81e04c4f04d72d9aba"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f8899138369b180a17db4789c0968770"}, {"key": "title", "hash": "1939076eacdd6eec877930b88a9bedbe"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e429ff1a26a8eba67a988e84902892a48d9161d8e85108fe5a6b2e52ba1a80ea", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:702906", "OPENVAS:1361412562310702906", "OPENVAS:1361412562310851057", "OPENVAS:1361412562310841620", "OPENVAS:1361412562310871125", "OPENVAS:1361412562310123469", "OPENVAS:1361412562310841718", "OPENVAS:841718", "OPENVAS:1361412562310841723", "OPENVAS:841723"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2906-1:5B9FC"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0696-1"]}, {"type": "cve", "idList": ["CVE-2013-7264", "CVE-2013-6381", "CVE-2013-4512", "CVE-2013-7265", "CVE-2013-6380", "CVE-2013-7339", "CVE-2013-6383", "CVE-2013-7263", "CVE-2013-6382", "CVE-2014-2039"]}, {"type": "nessus", "idList": ["FEDORA_2013-22695.NASL", "FEDORA_2013-22669.NASL", "UBUNTU_USN-2015-1.NASL", "ORACLELINUX_ELSA-2014-0159.NASL", "REDHAT-RHSA-2014-0159.NASL", "UBUNTU_USN-2107-1.NASL", "ALA_ALAS-2013-258.NASL", "UBUNTU_USN-2108-1.NASL", "CENTOS_RHSA-2014-0159.NASL", "SL_20140211_KERNEL_ON_SL6_X.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29993"]}, {"type": "redhat", "idList": ["RHSA-2014:0159"]}, {"type": "ubuntu", "idList": ["USN-2107-1", "USN-2108-1", "USN-2015-1", "USN-2016-1", "USN-2128-1", "USN-2135-1", "USN-2141-1", "USN-2136-1", "USN-2110-1"]}, {"type": "centos", "idList": ["CESA-2014:0159"]}, {"type": "f5", "idList": ["SOL15984", "SOL15983", "SOL15317", "F5:K15317"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3010", "ELSA-2014-3009", "ELSA-2014-3011", "ELSA-2014-0159"]}], "modified": "2019-02-21T01:21:06"}, "score": {"value": 7.7, "vector": "NONE", "modified": "2019-02-21T01:21:06"}, "vulnersScore": 7.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2906. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73713);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\", \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_bugtraq_id(58795, 60280, 61411, 62042, 62050, 62740, 63183, 63510, 63887, 63888, 63889, 63890, 64270, 64328, 64677, 64685, 64686, 64952, 64953, 64954, 65459, 65700, 65943, 66279, 66351);\n script_xref(name:\"DSA\", value:\"2906\");\n\n script_name(english:\"Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2013-0343\n George Kargiotakis reported an issue in the temporary\n address handling of the IPv6 privacy extensions. Users\n on the same LAN can cause a denial of service or obtain\n access to sensitive information by sending router\n advertisement messages that cause temporary address\n generation to be disabled.\n\n - CVE-2013-2147\n Dan Carpenter reported issues in the cpqarray driver for\n Compaq Smart2 Controllers and the cciss driver for HP\n Smart Array controllers allowing users to gain access to\n sensitive kernel memory.\n\n - CVE-2013-2889\n Kees Cook discovered missing input sanitization in the\n HID driver for Zeroplus game pads that could lead to a\n local denial of service.\n\n - CVE-2013-2893\n Kees Cook discovered that missing input sanitization in\n the HID driver for various Logitech force feedback\n devices could lead to a local denial of service.\n\n - CVE-2013-2929\n Vasily Kulikov discovered that a flaw in the\n get_dumpable() function of the ptrace subsytsem could\n lead to information disclosure. Only systems with the\n fs.suid_dumpable sysctl set to a non-default value of\n '2' are vulnerable.\n\n - CVE-2013-4162\n Hannes Frederic Sowa discovered that incorrect handling\n of IPv6 sockets using the UDP_CORK option could result\n in denial of service.\n\n - CVE-2013-4299\n Fujitsu reported an issue in the device-mapper\n subsystem. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2013-4345\n Stephan Mueller found in bug in the ANSI pseudo random\n number generator which could lead to the use of less\n entropy than expected.\n\n - CVE-2013-4512\n Nico Golde and Fabian Yamaguchi reported an issue in the\n user mode linux port. A buffer overflow condition exists\n in the write method for the /proc/exitcode file. Local\n users with sufficient privileges allowing them to write\n to this file could gain further elevated privileges.\n\n - CVE-2013-4587\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A local user could gain\n elevated privileges by passing a large vcpu_id\n parameter.\n\n - CVE-2013-6367\n Andrew Honig of Google reported an issue in the KVM\n virtualization subsystem. A divide-by-zero condition\n could allow a guest user to cause a denial of service on\n the host (crash).\n\n - CVE-2013-6380\n Mahesh Rajashekhara reported an issue in the aacraid\n driver for storage products from various vendors. Local\n users with CAP_SYS_ADMIN privileges could gain further\n elevated privileges.\n\n - CVE-2013-6381\n Nico Golde and Fabian Yamaguchi reported an issue in the\n Gigabit Ethernet device support for s390 systems. Local\n users could cause a denial of service or gain elevated\n privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.\n\n - CVE-2013-6382\n Nico Golde and Fabian Yamaguchi reported an issue in the\n XFS filesystem. Local users with CAP_SYS_ADMIN\n privileges could gain further elevated privileges.\n\n - CVE-2013-6383\n Dan Carpenter reported an issue in the aacraid driver\n for storage devices from various vendors. A local user\n could gain elevated privileges due to a missing\n privilege level check in the aac_compat_ioctl function.\n\n - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n mpb reported an information leak in the recvfrom,\n recvmmsg and recvmsg system calls. A local user could\n obtain access to sensitive kernel memory.\n\n - CVE-2013-7339\n Sasha Levin reported an issue in the RDS network\n protocol over Infiniband. A local user could cause a\n denial of service condition.\n\n - CVE-2014-0101\n Nokia Siemens Networks reported an issue in the SCTP\n network protocol subsystem. Remote users could cause a\n denial of service (NULL pointer dereference).\n\n - CVE-2014-1444\n Salva Peiro reported an issue in the FarSync WAN driver.\n Local users with the CAP_NET_ADMIN capability could gain\n access to sensitive kernel memory.\n\n - CVE-2014-1445\n Salva Peiro reported an issue in the wanXL serial card\n driver. Local users could gain access to sensitive\n kernel memory.\n\n - CVE-2014-1446\n Salva Peiro reported an issue in the YAM radio modem\n driver. Local users with the CAP_NET_ADMIN capability\n could gain access to sensitive kernel memory.\n\n - CVE-2014-1874\n Matthew Thode reported an issue in the SELinux\n subsystem. A local user with CAP_MAC_ADMIN privileges\n could cause a denial of service by setting an empty\n security context on a file.\n\n - CVE-2014-2039\n Martin Schwidefsky reported an issue on s390 systems. A\n local user could cause a denial of service (kernel oops)\n by executing an application with a linkage stack\n instruction.\n\n - CVE-2014-2523\n Daniel Borkmann provided a fix for an issue in the\n nf_conntrack_dccp module. Remote users could cause a\n denial of service (system crash) or potentially gain\n elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze5 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "73713", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "scheme": null}
{"openvas": [{"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service,\ninformation leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-0343\nGeorge Kargiotakis reported an issue in the temporary address handling\nof the IPv6 privacy extensions. Users on the same LAN can cause a denial\nof service or obtain access to sensitive information by sending router\nadvertisement messages that cause temporary address generation to be\ndisabled.\n\nCVE-2013-2147\nDan Carpenter reported issues in the cpqarray driver for Compaq\nSmart2 Controllers and the cciss driver for HP Smart Array controllers\nallowing users to gain access to sensitive kernel memory.\n\nCVE-2013-2889\nKees Cook discovered missing input sanitization in the HID driver for\nZeroplus game pads that could lead to a local denial of service.\n\nCVE-2013-2893\nKees Cook discovered that missing input sanitization in the HID driver\nfor various Logitech force feedback devices could lead to a local denial\nof service.\n\nDescription truncated. Please see the references for more information.", "modified": "2019-03-18T00:00:00", "published": "2014-04-24T00:00:00", "id": "OPENVAS:1361412562310702906", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702906", "title": "Debian Security Advisory DSA 2906-1 (linux-2.6 - privilege escalation/denial of service/information leak)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2906.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2906-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702906\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\",\n \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\",\n \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\",\n \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\",\n \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\",\n \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\",\n \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_name(\"Debian Security Advisory DSA 2906-1 (linux-2.6 - privilege escalation/denial of service/information leak)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-24 00:00:00 +0200 (Thu, 24 Apr 2014)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2906.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"linux-2.6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n?Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+48squeeze5\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or leap-frog fashion.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service,\ninformation leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-0343\nGeorge Kargiotakis reported an issue in the temporary address handling\nof the IPv6 privacy extensions. Users on the same LAN can cause a denial\nof service or obtain access to sensitive information by sending router\nadvertisement messages that cause temporary address generation to be\ndisabled.\n\nCVE-2013-2147\nDan Carpenter reported issues in the cpqarray driver for Compaq\nSmart2 Controllers and the cciss driver for HP Smart Array controllers\nallowing users to gain access to sensitive kernel memory.\n\nCVE-2013-2889\nKees Cook discovered missing input sanitization in the HID driver for\nZeroplus game pads that could lead to a local denial of service.\n\nCVE-2013-2893\nKees Cook discovered that missing input sanitization in the HID driver\nfor various Logitech force feedback devices could lead to a local denial\nof service.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firmware-linux-free\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-base\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-486\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-armel\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-i386\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-ia64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mips\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mipsel\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-s390\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-sparc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-openvz\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-vserver\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-xen\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-486\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x-tape\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-2.6.32-5\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-tools-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-03-20T16:40:08", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service,\ninformation leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-0343\nGeorge Kargiotakis reported an issue in the temporary address handling\nof the IPv6 privacy extensions. Users on the same LAN can cause a denial\nof service or obtain access to sensitive information by sending router\nadvertisement messages that cause temporary address generation to be\ndisabled.\n\nCVE-2013-2147\nDan Carpenter reported issues in the cpqarray driver for Compaq\nSmart2 Controllers and the cciss driver for HP Smart Array controllers\nallowing users to gain access to sensitive kernel memory.\n\nCVE-2013-2889\nKees Cook discovered missing input sanitization in the HID driver for\nZeroplus game pads that could lead to a local denial of service.\n\nCVE-2013-2893\nKees Cook discovered that missing input sanitization in the HID driver\nfor various Logitech force feedback devices could lead to a local denial\nof service.\n\nCVE-2013-2929Vasily Kulikov discovered that a flaw in the get_dumpable() function of\nthe ptrace subsytsem could lead to information disclosure. Only systems\nwith the fs.suid_dumpable sysctl set to a non-default value of 2 \nare\nvulnerable.\n\nCVE-2013-4162\nHannes Frederic Sowa discovered that incorrect handling of IPv6 sockets\nusing the UDP_CORK option could result in denial of service.\n\nCVE-2013-4299\nFujitsu reported an issue in the device-mapper subsystem. Local users\ncould gain access to sensitive kernel memory.\n\nCVE-2013-4345\nStephan Mueller found in bug in the ANSI pseudo random number generator\nwhich could lead to the use of less entropy than expected.\n\nCVE-2013-4512\nNico Golde and Fabian Yamaguchi reported an issue in the user mode\nlinux port. A buffer overflow condition exists in the write method\nfor the /proc/exitcode file. Local users with sufficient privileges\nallowing them to write to this file could gain further elevated\nprivileges.\n\nCVE-2013-4587\nAndrew Honig of Google reported an issue in the KVM virtualization\nsubsystem. A local user could gain elevated privileges by passing\na large vcpu_id parameter.\n\nCVE-2013-6367\nAndrew Honig of Google reported an issue in the KVM virtualization\nsubsystem. A divide-by-zero condition could allow a guest user to\ncause a denial of service on the host (crash).\n\nCVE-2013-6380\nMahesh Rajashekhara reported an issue in the aacraid driver for storage\nproducts from various vendors. Local users with CAP_SYS_ADMIN privileges\ncould gain further elevated privileges.\n\nCVE-2013-6381\nNico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet\ndevice support for s390 systems. Local users could cause a denial of\nservice or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL\nioctl.\n\nCVE-2013-6382\nNico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.\nLocal users with CAP_SYS_ADMIN privileges could gain further elevated\nprivileges.\n\nCVE-2013-6383\nDan Carpenter reported an issue in the aacraid driver for storage devices\nfrom various vendors. A local user could gain elevated privileges due to\na missing privilege level check in the aac_compat_ioctl function.\n\nCVE-2013-7263 CVE-2013-7264 CVE-2013-7265\nmpb reported an information leak in the recvfrom, recvmmsg and recvmsg\nsystem calls. A local user could obtain access to sensitive kernel memory.\n\nCVE-2013-7339\nSasha Levin reported an issue in the RDS network protocol over Infiniband.\nA local user could cause a denial of service condition.\n\nCVE-2014-0101\nNokia Siemens Networks reported an issue in the SCTP network protocol\nsubsystem. Remote users could cause a denial of service (NULL pointer\ndereference).\n\nCVE-2014-1444\nSalva Peiro reported an issue in the FarSync WAN driver. Local users\nwith the CAP_NET_ADMIN capability could gain access to sensitive kernel\nmemory.\n\nCVE-2014-1445\nSalva Peiro reported an issue in the wanXL serial card driver. Local\nusers could gain access to sensitive kernel memory.\n\nCVE-2014-1446\nSalva Peiro reported an issue in the YAM radio modem driver. Local users\nwith the CAP_NET_ADMIN capability could gain access to sensitive kernel\nmemory.\n\nCVE-2014-1874\nMatthew Thode reported an issue in the SELinux subsystem. A local user\nwith CAP_MAC_ADMIN privileges could cause a denial of service by setting\nan empty security context on a file.\n\nCVE-2014-2039\nMartin Schwidefsky reported an issue on s390 systems. A local user\ncould cause a denial of service (kernel oops) by executing an application\nwith a linkage stack instruction.\n\nCVE-2014-2523\nDaniel Borkmann provided a fix for an issue in the nf_conntrack_dccp\nmodule. Remote users could cause a denial of service (system crash)\nor potentially gain elevated privileges.", "modified": "2018-03-19T00:00:00", "published": "2014-04-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702906", "id": "OPENVAS:702906", "title": "Debian Security Advisory DSA 2906-1 (linux-2.6 - privilege escalation/denial of service/information leak)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2906.nasl 9136 2018-03-19 13:08:02Z cfischer $\n# Auto-generated from advisory DSA 2906-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(702906);\n script_version(\"$Revision: 9136 $\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\",\n \"CVE-2013-2929\", \"CVE-2013-4162\", \"CVE-2013-4299\", \"CVE-2013-4345\",\n \"CVE-2013-4512\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6380\",\n \"CVE-2013-6381\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-7263\",\n \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0101\",\n \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1874\",\n \"CVE-2014-2039\", \"CVE-2014-2523\");\n script_name(\"Debian Security Advisory DSA 2906-1 (linux-2.6 - privilege escalation/denial of service/information leak)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-03-19 14:08:02 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-04-24 00:00:00 +0200 (Thu, 24 Apr 2014)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2906.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux-2.6 on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n?Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+48squeeze5 \nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or leap-frog fashion.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service,\ninformation leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-0343\nGeorge Kargiotakis reported an issue in the temporary address handling\nof the IPv6 privacy extensions. Users on the same LAN can cause a denial\nof service or obtain access to sensitive information by sending router\nadvertisement messages that cause temporary address generation to be\ndisabled.\n\nCVE-2013-2147\nDan Carpenter reported issues in the cpqarray driver for Compaq\nSmart2 Controllers and the cciss driver for HP Smart Array controllers\nallowing users to gain access to sensitive kernel memory.\n\nCVE-2013-2889\nKees Cook discovered missing input sanitization in the HID driver for\nZeroplus game pads that could lead to a local denial of service.\n\nCVE-2013-2893\nKees Cook discovered that missing input sanitization in the HID driver\nfor various Logitech force feedback devices could lead to a local denial\nof service.\n\nCVE-2013-2929Vasily Kulikov discovered that a flaw in the get_dumpable() function of\nthe ptrace subsytsem could lead to information disclosure. Only systems\nwith the fs.suid_dumpable sysctl set to a non-default value of 2 \nare\nvulnerable.\n\nCVE-2013-4162\nHannes Frederic Sowa discovered that incorrect handling of IPv6 sockets\nusing the UDP_CORK option could result in denial of service.\n\nCVE-2013-4299\nFujitsu reported an issue in the device-mapper subsystem. Local users\ncould gain access to sensitive kernel memory.\n\nCVE-2013-4345\nStephan Mueller found in bug in the ANSI pseudo random number generator\nwhich could lead to the use of less entropy than expected.\n\nCVE-2013-4512\nNico Golde and Fabian Yamaguchi reported an issue in the user mode\nlinux port. A buffer overflow condition exists in the write method\nfor the /proc/exitcode file. Local users with sufficient privileges\nallowing them to write to this file could gain further elevated\nprivileges.\n\nCVE-2013-4587\nAndrew Honig of Google reported an issue in the KVM virtualization\nsubsystem. A local user could gain elevated privileges by passing\na large vcpu_id parameter.\n\nCVE-2013-6367\nAndrew Honig of Google reported an issue in the KVM virtualization\nsubsystem. A divide-by-zero condition could allow a guest user to\ncause a denial of service on the host (crash).\n\nCVE-2013-6380\nMahesh Rajashekhara reported an issue in the aacraid driver for storage\nproducts from various vendors. Local users with CAP_SYS_ADMIN privileges\ncould gain further elevated privileges.\n\nCVE-2013-6381\nNico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet\ndevice support for s390 systems. Local users could cause a denial of\nservice or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL\nioctl.\n\nCVE-2013-6382\nNico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.\nLocal users with CAP_SYS_ADMIN privileges could gain further elevated\nprivileges.\n\nCVE-2013-6383\nDan Carpenter reported an issue in the aacraid driver for storage devices\nfrom various vendors. A local user could gain elevated privileges due to\na missing privilege level check in the aac_compat_ioctl function.\n\nCVE-2013-7263 CVE-2013-7264 CVE-2013-7265\nmpb reported an information leak in the recvfrom, recvmmsg and recvmsg\nsystem calls. A local user could obtain access to sensitive kernel memory.\n\nCVE-2013-7339\nSasha Levin reported an issue in the RDS network protocol over Infiniband.\nA local user could cause a denial of service condition.\n\nCVE-2014-0101\nNokia Siemens Networks reported an issue in the SCTP network protocol\nsubsystem. Remote users could cause a denial of service (NULL pointer\ndereference).\n\nCVE-2014-1444\nSalva Peiro reported an issue in the FarSync WAN driver. Local users\nwith the CAP_NET_ADMIN capability could gain access to sensitive kernel\nmemory.\n\nCVE-2014-1445\nSalva Peiro reported an issue in the wanXL serial card driver. Local\nusers could gain access to sensitive kernel memory.\n\nCVE-2014-1446\nSalva Peiro reported an issue in the YAM radio modem driver. Local users\nwith the CAP_NET_ADMIN capability could gain access to sensitive kernel\nmemory.\n\nCVE-2014-1874\nMatthew Thode reported an issue in the SELinux subsystem. A local user\nwith CAP_MAC_ADMIN privileges could cause a denial of service by setting\nan empty security context on a file.\n\nCVE-2014-2039\nMartin Schwidefsky reported an issue on s390 systems. A local user\ncould cause a denial of service (kernel oops) by executing an application\nwith a linkage stack instruction.\n\nCVE-2014-2523\nDaniel Borkmann provided a fix for an issue in the nf_conntrack_dccp\nmodule. Remote users could cause a denial of service (system crash)\nor potentially gain elevated privileges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firmware-linux-free\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-base\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-486\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-armel\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-i386\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-ia64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mips\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mipsel\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-s390\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-sparc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-openvz\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-vserver\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-xen\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-486\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x-tape\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64-dbg\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.32-5\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tools-2.6.32\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851057", "title": "SuSE Update for Linux SUSE-SU-2014:0696-1 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0696_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Linux SUSE-SU-2014:0696-1 (Linux)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851057\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:07:12 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-4470\", \"CVE-2013-4579\", \"CVE-2013-6382\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7339\", \"CVE-2014-0069\", \"CVE-2014-0101\", \"CVE-2014-0196\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\", \"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-1874\", \"CVE-2014-2039\", \"CVE-2014-2523\", \"CVE-2014-2678\", \"CVE-2014-3122\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Linux SUSE-SU-2014:0696-1 (Linux)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize certain data\n structures, which allows local users to cause a denial of service (memory\n corruption and system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt system call and\n sends both short and long packets, related to the ip_ufo_append_data\n function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-4579: The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through\n 3.12 uses a BSSID masking approach to determine the set of MAC addresses\n on which a Wi-Fi device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by sending a series of\n packets to MAC addresses with certain bit manipulations. (bnc#851426)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. (bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an ass ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"Linux on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0696_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.0.101~0.7.19.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310841718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841718", "title": "Ubuntu Update for linux-ec2 USN-2108-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2108_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-2108-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841718\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:16:53 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ec2 USN-2108-1\");\n\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"A flaw was discovered in the Linux kernel's compat ioctls for Adaptec\nAACRAID scsi raid devices. An unprivileged local user could send\nadministrative commands to these devices potentially compromising the data\nstored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area\nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could\nexploit this flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7281)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2108-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2108-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ec2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-361-ec2\", ver:\"2.6.32-361.74\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-11-18T00:00:00", "id": "OPENVAS:1361412562310841620", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841620", "title": "Ubuntu Update for linux-ec2 USN-2016-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2016_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-2016-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841620\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 15:54:59 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2897\",\n \"CVE-2013-4299\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for linux-ec2 USN-2016-1\");\n\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Dan Carpenter discovered an information leak in the HP Smart\nArray and Compaq SMART2 disk-array driver in the Linux kernel. A local user\ncould exploit this flaw to obtain sensitive information from kernel memory.\n(CVE-2013-2147)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nA flaw was discovered in the Linux kernel's dm snapshot facility. A remote\nauthenticated user could exploit this flaw to obtain sensitive information\nor modify/corrupt data. (CVE-2013-4299)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2016-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2016-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ec2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-358-ec2\", ver:\"2.6.32-358.71\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-02-13T00:00:00", "id": "OPENVAS:1361412562310871125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871125", "title": "RedHat Update for kernel RHSA-2014:0159-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2014:0159-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871125\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 11:43:35 +0530 (Thu, 13 Feb 2014)\");\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6381\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2014:0159-01\");\n\n\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n * A flaw was found in the way the get_dumpable() function return value was\ninterpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user could\nuse this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n * It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0159-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-February/msg00015.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~431.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0159", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123469", "title": "Oracle Linux Local Check: ELSA-2014-0159", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0159.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123469\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:04:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0159\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0159 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0159\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0159.html\");\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6381\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~431.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:16:25", "bulletinFamily": "scanner", "description": "Check for the Version of linux", "modified": "2017-12-01T00:00:00", "published": "2014-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841723", "id": "OPENVAS:841723", "title": "Ubuntu Update for linux USN-2107-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2107_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux USN-2107-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841723);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:20:32 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2107-1\");\n\n tag_insight = \"A flaw was discovered in the Linux kernel's compat ioctls for Adaptec\nAACRAID scsi raid devices. An unprivileged local user could send\nadministrative commands to these devices potentially compromising the data\nstored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area\nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could\nexploit this flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7281)\";\n\n tag_affected = \"linux on Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2107-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2107-1/\");\n script_summary(\"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-386\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-generic\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-generic-pae\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-ia64\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-lpia\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-powerpc\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-powerpc-smp\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-powerpc64-smp\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-preempt\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-server\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-sparc64\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-sparc64-smp\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-versatile\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-virtual\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310841723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841723", "title": "Ubuntu Update for linux USN-2107-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2107_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-2107-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841723\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:20:32 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2107-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"A flaw was discovered in the Linux kernel's compat ioctls for Adaptec\nAACRAID scsi raid devices. An unprivileged local user could send\nadministrative commands to these devices potentially compromising the data\nstored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area\nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could\nexploit this flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7281)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2107-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2107-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-386\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-generic\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-generic-pae\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-ia64\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-lpia\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-powerpc\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-powerpc-smp\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-powerpc64-smp\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-preempt\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-server\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-sparc64\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-sparc64-smp\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-versatile\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-56-virtual\", ver:\"2.6.32-56.118\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:16:47", "bulletinFamily": "scanner", "description": "Check for the Version of linux-ec2", "modified": "2017-12-01T00:00:00", "published": "2014-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841718", "id": "OPENVAS:841718", "title": "Ubuntu Update for linux-ec2 USN-2108-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2108_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-2108-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841718);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:16:53 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ec2 USN-2108-1\");\n\n tag_insight = \"A flaw was discovered in the Linux kernel's compat ioctls for Adaptec\nAACRAID scsi raid devices. An unprivileged local user could send\nadministrative commands to these devices potentially compromising the data\nstored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area\nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could\nexploit this flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7281)\";\n\n tag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2108-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2108-1/\");\n script_summary(\"Check for the Version of linux-ec2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-361-ec2\", ver:\"2.6.32-361.74\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2906-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nApril 24, 2014 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893\n CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4512\n CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381\n CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264\n CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444\n CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039\n CVE-2014-2523 CVE-2103-2929\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-0343\n\n George Kargiotakis reported an issue in the temporary address handling\n of the IPv6 privacy extensions. Users on the same LAN can cause a denial\n of service or obtain access to sensitive information by sending router\n advertisement messages that cause temporary address generation to be\n disabled.\n\nCVE-2013-2147\n\n Dan Carpenter reported issues in the cpqarray driver for Compaq\n Smart2 Controllers and the cciss driver for HP Smart Array controllers\n allowing users to gain access to sensitive kernel memory.\n\nCVE-2013-2889\n\n Kees Cook discovered missing input sanitization in the HID driver for\n Zeroplus game pads that could lead to a local denial of service.\n\nCVE-2013-2893\n\n Kees Cook discovered that missing input sanitization in the HID driver\n for various Logitech force feedback devices could lead to a local denial\n of service.\n\nCVE-2013-2929\n\n Vasily Kulikov discovered that a flaw in the get_dumpable() function of\n the ptrace subsytsem could lead to information disclosure. Only systems\n with the fs.suid_dumpable sysctl set to a non-default value of '2' are\n vulnerable.\n\nCVE-2013-4162\n\n Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets\n using the UDP_CORK option could result in denial of service.\n\nCVE-2013-4299\n\n Fujitsu reported an issue in the device-mapper subsystem. Local users\n could gain access to sensitive kernel memory.\n\nCVE-2013-4345\n\n Stephan Mueller found in bug in the ANSI pseudo random number generator\n which could lead to the use of less entropy than expected.\n\nCVE-2013-4512\n\n Nico Golde and Fabian Yamaguchi reported an issue in the user mode\n linux port. A buffer overflow condition exists in the write method\n for the /proc/exitcode file. Local users with sufficient privileges\n allowing them to write to this file could gain further elevated\n privileges.\n\nCVE-2013-4587\n\n Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A local user could gain elevated privileges by passing\n a large vcpu_id parameter.\n\nCVE-2013-6367\n\n Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A divide-by-zero condition could allow a guest user to\n cause a denial of service on the host (crash).\n\nCVE-2013-6380\n\n Mahesh Rajashekhara reported an issue in the aacraid driver for storage\n products from various vendors. Local users with CAP_SYS_ADMIN privileges\n could gain further elevated privileges.\n\nCVE-2013-6381\n\n Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet\n device support for s390 systems. Local users could cause a denial of\n service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL\n ioctl.\n\nCVE-2013-6382\n\n Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.\n Local users with CAP_SYS_ADMIN privileges could gain further elevated\n privileges.\n\nCVE-2013-6383\n\n Dan Carpenter reported an issue in the aacraid driver for storage devices\n from various vendors. A local user could gain elevated privileges due to\n a missing privilege level check in the aac_compat_ioctl function.\n\nCVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n\n mpb reported an information leak in the recvfrom, recvmmsg and recvmsg\n system calls. A local user could obtain access to sensitive kernel memory.\n\nCVE-2013-7339\n\n Sasha Levin reported an issue in the RDS network protocol over Infiniband.\n A local user could cause a denial of service condition.\n\nCVE-2014-0101\n\n Nokia Siemens Networks reported an issue in the SCTP network protocol\n subsystem. Remote users could cause a denial of service (NULL pointer\n dereference).\n\nCVE-2014-1444\n\n Salva Peiro reported an issue in the FarSync WAN driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory.\n\nCVE-2014-1445\n\n Salva Peiro reported an issue in the wanXL serial card driver. Local\n users could gain access to sensitive kernel memory.\n\nCVE-2014-1446\n\n Salva Peiro reported an issue in the YAM radio modem driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory.\n\nCVE-2014-1874\n\n Matthew Thode reported an issue in the SELinux subsystem. A local user\n with CAP_MAC_ADMIN privileges could cause a denial of service by setting\n an empty security context on a file.\n \nCVE-2014-2039\n\n Martin Schwidefsky reported an issue on s390 systems. A local user\n could cause a denial of service (kernel oops) by executing an application\n with a linkage stack instruction.\n\nCVE-2014-2523\n\n Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp\n module. Remote users could cause a denial of service (system crash)\n or potentially gain elevated privileges.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze5.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 6.0 (squeeze)\n user-mode-linux 2.6.32-1um-4+48squeeze5\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or "leap-frog" fashion.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-04-25T00:19:53", "published": "2014-04-25T00:19:53", "id": "DEBIAN:DSA-2906-1:5B9FC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00092.html", "title": "[SECURITY] [DSA 2906-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:50", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize certain data\n structures, which allows local users to cause a denial of service (memory\n corruption and system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt system call and\n sends both short and long packets, related to the ip_ufo_append_data\n function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-4579: The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through\n 3.12 uses a BSSID masking approach to determine the set of MAC addresses\n on which a Wi-Fi device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by sending a series of\n packets to MAC addresses with certain bit manipulations. (bnc#851426)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. (bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in\n the Linux kernel before 3.12.8 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#869563)\n\n *\n\n CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in\n the Linux kernel through 3.13.5 does not properly handle uncached write\n operations that copy fewer than the requested number of bytes, which\n allows local users to obtain sensitive information from kernel memory,\n cause a denial of service (memory corruption and system crash), or\n possibly gain privileges via a writev system call with a crafted pointer.\n (bnc#864025)\n\n *\n\n CVE-2014-0101: The sctp_sf_do_5_1D_ce function in\n net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not\n validate certain auth_enable and auth_capable fields before making an\n sctp_sf_authenticate call, which allows remote attackers to cause a denial\n of service (NULL pointer dereference and system crash) via an SCTP\n handshake with a modified INIT chunk and a crafted AUTH chunk before a\n COOKIE_ECHO chunk. (bnc#866102)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n *\n\n CVE-2014-1444: The fst_get_iface function in\n drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from kernel memory by leveraging the\n CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)\n\n *\n\n CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c\n in the Linux kernel before 3.11.7 does not properly initialize a certain\n data structure, which allows local users to obtain sensitive information\n from kernel memory via an ioctl call. (bnc#858870)\n\n *\n\n CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c\n in the Linux kernel before 3.12.8 does not initialize a certain structure\n member, which allows local users to obtain sensitive information from\n kernel memory by leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl call. (bnc#858872)\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1874: The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows\n local users to cause a denial of service (system crash) by leveraging the\n CAP_MAC_ADMIN capability to set a zero-length security context.\n (bnc#863335)\n\n *\n\n CVE-2014-2039: arch/s390/kernel/head64.S in the Linux kernel before\n 3.13.5 on the s390 platform does not properly handle attempted use of the\n linkage stack, which allows local users to cause a denial of service\n (system crash) by executing a crafted instruction. (bnc#865307)\n\n *\n\n CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows\n remote attackers to cause a denial of service (system crash)\n or possibly execute arbitrary code via a DCCP packet that triggers a\n call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.\n (bnc#868653)\n\n *\n\n CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in\n the Linux kernel through 3.14 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#871561)\n\n *\n\n CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the\n Linux kernel before 3.14.3 does not properly consider which pages must be\n locked, which allows local users to cause a denial of service (system\n crash) by triggering a memory-usage pattern that requires removal of\n page-table mappings. (bnc#876102)\n\n Also the following non-security bugs have been fixed:\n\n * kabi: protect symbols modified by bnc#864833 fix (bnc#864833).\n * arch: Fix incorrect config symbol in #ifdef (bnc#844513).\n * ACPICA: Add a lock to the internal object reference count mechanism\n (bnc#857499).\n * x86/PCI: reduce severity of host bridge window conflict warnings\n (bnc#858534).\n * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)\n (bnc#874108).\n * timer: Prevent overflow in apply_slack (bnc#873061).\n * xen: Close a race condition in Xen nested spinlock (bnc#858280,\n bnc#819351).\n * storvsc: NULL pointer dereference fix (bnc#865330).\n * sched: Make scale_rt_power() deal with backward clocks (bnc#865310).\n * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri\n check (bnc#871861).\n *\n\n sched: update_rq_clock() must skip ONE update (bnc#868528,\n bnc#869033).\n\n *\n\n md: Change handling of save_raid_disk and metadata update during\n recovery (bnc#849364).\n\n * dm-mpath: Fixup race condition in activate_path() (bnc#708296).\n * dm-mpath: do not detach stale hardware handler (bnc#708296).\n * dm-multipath: Improve logging (bnc#708296).\n * scsi_dh_alua: Simplify state machine (bnc#854025).\n * scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342).\n *\n\n scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025).\n\n *\n\n vfs,proc: guarantee unique inodes in /proc.\n\n * FS-Cache: Handle removal of unadded object to the\n fscache_object_list rb tree (bnc#855885).\n * NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure\n (bnc#853455).\n * NFS: Avoid occasional hang with NFS (bnc#852488).\n * NFS: do not try to use lock state when we hold a delegation\n (bnc#831029) - add to series.conf\n * btrfs: do not loop on large offsets in readdir (bnc#863300).\n * btrfs: restrict snapshotting to own subvolumes (bnc#736697).\n * btrfs: fix extent boundary check in bio_readpage_error.\n *\n\n btrfs: fix extent_map block_len after merging.\n\n *\n\n net: add missing bh_unlock_sock() calls (bnc#862429).\n\n * inet: Pass inetpeer root into inet_getpeer*() interfaces\n (bnc#864833).\n * inet: Hide route peer accesses behind helpers (bnc#864833).\n * inet: Avoid potential NULL peer dereference (bnc#864833).\n * inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801).\n * inetpeer: prevent unlinking from unused list twice (bnc#867953).\n * net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604).\n * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).\n * ipv6: fix race condition regarding dst->expires and dst->from\n (bnc#843185).\n *\n\n ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support,\n warn about missing CREATE flag (bnc#865783).\n\n *\n\n mpt2sas: Do not check DIF for unwritten blocks (bnc#746500,\n bnc#836347).\n\n * mpt2sas: Add a module parameter that permits overriding protection\n capabilities (bnc#746500).\n *\n\n mpt2sas: Return the correct sense key for DIF errors (bnc#746500).\n\n *\n\n s390/cio: Delay scan for newly available I/O devices (bnc#855347,\n bnc#814788, bnc#856083).\n\n * s390/cio: More efficient handling of CHPID availability events\n (bnc#855347, bnc#814788, bnc#856083).\n * s390/cio: Relax subchannel scan loop (bnc#855347, bnc#814788,\n bnc#856083).\n *\n\n s390/css: stop stsch loop after cc 3 (bnc#855347, bnc#814788,\n bnc#856083).\n\n *\n\n supported.conf: Driver corgi_bl was renamed to generic_bl in kernel\n 2.6.29.\n\n * supported.conf: Add drivers/of/of_mdio That was a missing dependency\n for mdio-gpio on ppc64.\n * supported.conf: Fix mdio-gpio module name Module mdio-ofgpio was\n renamed to mdio-gpio in kernel 2.6.29, this should have been\n reflected in supported.conf.\n * supported.conf: Adjust radio-si470x module names\n * Update config files: re-enable twofish crypto support. (bnc#871325)\n", "modified": "2014-05-22T02:04:17", "published": "2014-05-22T02:04:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00013.html", "id": "SUSE-SU-2014:0696-1", "type": "suse", "title": "Security update for Linux kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.", "modified": "2016-12-31T02:59:00", "id": "CVE-2013-6381", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6381", "published": "2013-11-27T04:43:00", "title": "CVE-2013-6381", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.", "modified": "2017-12-16T02:29:00", "id": "CVE-2013-7265", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7265", "published": "2014-01-06T16:55:00", "title": "CVE-2013-7265", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:13:04", "bulletinFamily": "NVD", "description": "Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.", "modified": "2016-12-31T02:59:00", "id": "CVE-2013-4512", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4512", "published": "2013-11-12T14:35:00", "title": "CVE-2013-4512", "type": "cve", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.", "modified": "2017-12-16T02:29:00", "id": "CVE-2013-7264", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7264", "published": "2014-01-06T16:55:00", "title": "CVE-2013-7264", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.", "modified": "2014-03-26T04:54:00", "id": "CVE-2013-6383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6383", "published": "2013-11-27T04:43:00", "title": "CVE-2013-6383", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.", "modified": "2016-12-31T02:59:00", "id": "CVE-2013-6382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6382", "published": "2013-11-27T04:43:00", "title": "CVE-2013-6382", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.", "modified": "2014-07-17T05:03:00", "id": "CVE-2013-7339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7339", "published": "2014-03-24T16:40:00", "title": "CVE-2013-7339", "type": "cve", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.", "modified": "2014-03-16T04:42:00", "id": "CVE-2013-6380", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6380", "published": "2013-11-27T04:43:00", "title": "CVE-2013-6380", "type": "cve", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.", "modified": "2017-12-16T02:29:00", "id": "CVE-2014-2523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2523", "published": "2014-03-24T16:40:00", "title": "CVE-2014-2523", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.", "modified": "2017-12-16T02:29:00", "id": "CVE-2013-7263", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7263", "published": "2014-01-06T16:55:00", "title": "CVE-2013-7263", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:20:28", "bulletinFamily": "scanner", "description": "The 3.11.10 stable update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-22695.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71283", "published": "2013-12-10T00:00:00", "title": "Fedora 18 : kernel-3.11.10-100.fc18 (2013-22695)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22695.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71283);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:13 $\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\");\n script_xref(name:\"FEDORA\", value:\"2013-22695\");\n\n script_name(english:\"Fedora 18 : kernel-3.11.10-100.fc18 (2013-22695)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.11.10 stable update contains a number of important fixes across\nthe tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1035875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123338.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdebe835\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.11.10-100.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:28", "bulletinFamily": "scanner", "description": "The 3.11.10 stable update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-22669.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71249", "published": "2013-12-08T00:00:00", "title": "Fedora 19 : kernel-3.11.10-200.fc19 (2013-22669)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22669.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71249);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:13 $\");\n\n script_cve_id(\"CVE-2013-6378\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\");\n script_xref(name:\"FEDORA\", value:\"2013-22669\");\n\n script_name(english:\"Fedora 19 : kernel-3.11.10-200.fc19 (2013-22669)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.11.10 stable update contains a number of important fixes across\nthe tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1035875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123200.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?828af8fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.11.10-200.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:48", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2107-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72571", "published": "2014-02-19T00:00:00", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-2107-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2107-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72571);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/01 15:12:38\");\n\n script_cve_id(\"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\");\n script_xref(name:\"USN\", value:\"2107-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2107-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Linux kernel's compat ioctls for Adaptec\nAACRAID scsi raid devices. An unprivileged local user could send\nadministrative commands to these devices potentially compromising the\ndata stored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2107-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-386\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-generic\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-generic-pae\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-lpia\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-preempt\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-server\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-versatile\", pkgver:\"2.6.32-56.118\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-56-virtual\", pkgver:\"2.6.32-56.118\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:20", "bulletinFamily": "scanner", "description": "Dan Carpenter discovered an information leak in the HP Smart Aray and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2147)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially proximate attacker can leverage this flaw to cause a denial of service vias a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nA flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2015-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70799", "published": "2013-11-09T00:00:00", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-2015-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2015-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70799);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-2147\", \"CVE-2013-2889\", \"CVE-2013-2893\", \"CVE-2013-2897\", \"CVE-2013-4299\");\n script_bugtraq_id(60280, 62042, 62044, 62050, 63183);\n script_xref(name:\"USN\", value:\"2015-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2015-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Carpenter discovered an information leak in the HP Smart Aray and\nCompaq SMART2 disk-array driver in the Linux kernel. A local user\ncould exploit this flaw to obtain sensitive information from kernel\nmemory. (CVE-2013-2147)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. (CVE-2013-2889)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service\nvias a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nA flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2015-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-386\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-generic\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-generic-pae\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-lpia\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-preempt\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-server\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-versatile\", pkgver:\"2.6.32-53.115\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-53-virtual\", pkgver:\"2.6.32-53.115\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:47", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0159 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2014-0159.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72469", "published": "2014-02-13T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2014-0159)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0159 and \n# Oracle Linux Security Advisory ELSA-2014-0159 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72469);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6381\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_bugtraq_id(63744, 63890, 64111, 64677, 64686);\n script_xref(name:\"RHSA\", value:\"2014:0159\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2014-0159)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0159 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver\nimplementation handled SNMP IOCTL requests with an out-of-bounds\nlength. A local, unprivileged user could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value\nwas interpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user\ncould use this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without\ninitializing the associated data structure. A local, unprivileged user\ncould use this flaw to leak kernel stack memory to user space using\nthe recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263,\nCVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-February/003958.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-431.5.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:47", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0159.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72454", "published": "2014-02-12T00:00:00", "title": "RHEL 6 : kernel (RHSA-2014:0159)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0159. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72454);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6381\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_bugtraq_id(63890, 64111, 64677, 64686);\n script_xref(name:\"RHSA\", value:\"2014:0159\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2014:0159)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver\nimplementation handled SNMP IOCTL requests with an out-of-bounds\nlength. A local, unprivileged user could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value\nwas interpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user\ncould use this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without\ninitializing the associated data structure. A local, unprivileged user\ncould use this flaw to leak kernel stack memory to user space using\nthe recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263,\nCVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7263\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0159\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:31", "bulletinFamily": "scanner", "description": "Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2013-258.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71398", "published": "2013-12-14T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2013-258)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-258.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71398);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-6382\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\");\n script_xref(name:\"ALAS\", value:\"2013-258\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2013-258)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer underflows in the XFS implementation in the Linux\nkernel through 3.12.1 allow local users to cause a denial of service\n(memory corruption) or possibly have unspecified other impact by\nleveraging the CAP_SYS_ADMIN capability for a (1)\nXFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl\ncall with a crafted length value, related to the\nxfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the\nxfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-258.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-3.4.73-64.112.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-3.4.73-64.112.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:20:48", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2108-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72572", "published": "2014-02-19T00:00:00", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2108-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2108-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72572);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/01 15:12:38\");\n\n script_cve_id(\"CVE-2013-6383\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7281\");\n script_xref(name:\"USN\", value:\"2108-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2108-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Linux kernel's compat ioctls for Adaptec\nAACRAID scsi raid devices. An unprivileged local user could send\nadministrative commands to these devices potentially compromising the\ndata stored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2108-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-361-ec2\", pkgver:\"2.6.32-361.74\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:46", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2014-0159.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72437", "published": "2014-02-12T00:00:00", "title": "CentOS 6 : kernel (CESA-2014:0159)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0159 and \n# CentOS Errata and Security Advisory 2014:0159 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72437);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6381\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_bugtraq_id(63890, 64111, 64677, 64686);\n script_xref(name:\"RHSA\", value:\"2014:0159\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2014:0159)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver\nimplementation handled SNMP IOCTL requests with an out-of-bounds\nlength. A local, unprivileged user could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value\nwas interpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user\ncould use this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without\ninitializing the associated data structure. A local, unprivileged user\ncould use this flaw to leak kernel stack memory to user space using\nthe recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263,\nCVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-February/020150.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93ab98c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-431.5.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:47", "bulletinFamily": "scanner", "description": "* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThe system must be rebooted for this update to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20140211_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72475", "published": "2014-02-13T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72475);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-6381\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver\nimplementation handled SNMP IOCTL requests with an out-of-bounds\nlength. A local, unprivileged user could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value\nwas interpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user\ncould use this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without\ninitializing the associated data structure. A local, unprivileged user\ncould use this flaw to leak kernel stack memory to user space using\nthe recvmsg, recvfrom, and recvmmsg system calls (CVE-2013-7263,\nCVE-2013-7265, Low).\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1402&L=scientific-linux-errata&T=0&P=1319\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70b4c52f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-431.5.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-431.5.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2015-1\r\nNovember 08, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nDan Carpenter discovered an information leak in the HP Smart Aray and\r\nCompaq SMART2 disk-array driver in the Linux kernel. A local user could\r\nexploit this flaw to obtain sensitive information from kernel memory.\r\n(CVE-2013-2147)\r\n\r\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\r\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\r\nleverage this flaw to cause a denial of service via a specially crafted\r\ndevice. (CVE-2013-2889)\r\n\r\nKees Cook discovered another flaw in the Human Interface Device (HID)\r\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\r\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\r\nproximate attacker can leverage this flaw to cause a denial of service vias\r\na specially crafted device. (CVE-2013-2893)\r\n\r\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\r\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\r\nphysically proximate attacker could leverage this flaw to cause a denial of\r\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\r\n\r\nA flaw was discovered in the Linux kernel's dm snapshot facility. A remote\r\nauthenticated user could exploit this flaw to obtain sensitive information\r\nor modify/corrupt data. (CVE-2013-4299)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-53-386 2.6.32-53.115\r\n linux-image-2.6.32-53-generic 2.6.32-53.115\r\n linux-image-2.6.32-53-generic-pae 2.6.32-53.115\r\n linux-image-2.6.32-53-ia64 2.6.32-53.115\r\n linux-image-2.6.32-53-lpia 2.6.32-53.115\r\n linux-image-2.6.32-53-powerpc 2.6.32-53.115\r\n linux-image-2.6.32-53-powerpc-smp 2.6.32-53.115\r\n linux-image-2.6.32-53-powerpc64-smp 2.6.32-53.115\r\n linux-image-2.6.32-53-preempt 2.6.32-53.115\r\n linux-image-2.6.32-53-server 2.6.32-53.115\r\n linux-image-2.6.32-53-sparc64 2.6.32-53.115\r\n linux-image-2.6.32-53-sparc64-smp 2.6.32-53.115\r\n linux-image-2.6.32-53-versatile 2.6.32-53.115\r\n linux-image-2.6.32-53-virtual 2.6.32-53.115\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2015-1\r\n CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-2897,\r\n CVE-2013-4299\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-53.115\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-11-13T00:00:00", "published": "2013-11-13T00:00:00", "id": "SECURITYVULNS:DOC:29993", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29993", "title": "[USN-2015-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-05-29T14:34:30", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user could\nuse this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2018-06-06T20:24:11", "published": "2014-02-11T05:00:00", "id": "RHSA-2014:0159", "href": "https://access.redhat.com/errata/RHSA-2014:0159", "type": "redhat", "title": "(RHSA-2014:0159) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:30", "bulletinFamily": "unix", "description": "Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2147)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially proximate attacker can leverage this flaw to cause a denial of service vias a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nA flaw was discovered in the Linux kernel\u2019s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)", "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2015-1", "href": "https://usn.ubuntu.com/2015-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:23:19", "bulletinFamily": "unix", "description": "A flaw was discovered in the Linux kernel\u2019s compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)", "modified": "2014-02-18T00:00:00", "published": "2014-02-18T00:00:00", "id": "USN-2107-1", "href": "https://usn.ubuntu.com/2107-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:30", "bulletinFamily": "unix", "description": "A flaw was discovered in the Linux kernel\u2019s compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)", "modified": "2014-02-18T00:00:00", "published": "2014-02-18T00:00:00", "id": "USN-2108-1", "href": "https://usn.ubuntu.com/2108-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:22:20", "bulletinFamily": "unix", "description": "Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2147)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially proximate attacker can leverage this flaw to cause a denial of service vias a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nA flaw was discovered in the Linux kernel\u2019s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)", "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2016-1", "href": "https://usn.ubuntu.com/2016-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:22:49", "bulletinFamily": "unix", "description": "An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160)\n\nVasily Kulikov reported a flaw in the Linux kernel\u2019s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)\n\nAndrew Honig reported a flaw in the Linux Kernel\u2019s kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nEvan Huus reported a buffer overflow in the Linux kernel\u2019s radiotap header parsing. A remote attacker could cause a denial of service (buffer over- read) via a specially crafted header. (CVE-2013-7027)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nAn information leak was discovered in the Linux kernel\u2019s SIOCWANDEV ioctl call. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function the Linux kernel. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1445)\n\nAn information leak was discovered in the Linux kernel\u2019s hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)", "modified": "2014-03-05T00:00:00", "published": "2014-03-05T00:00:00", "id": "USN-2128-1", "href": "https://usn.ubuntu.com/2128-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:35", "bulletinFamily": "unix", "description": "Vasily Kulikov reported a flaw in the Linux kernel\u2019s implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)\n\nStephan Mueller reported an error in the Linux kernel\u2019s ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345)\n\nJason Wang discovered a bug in the network flow dissector in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (infinite loop). (CVE-2013-4348)\n\nAndrew Honig reported a flaw in the Linux Kernel\u2019s kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)", "modified": "2014-02-18T00:00:00", "published": "2014-02-18T00:00:00", "id": "USN-2110-1", "href": "https://usn.ubuntu.com/2110-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:21", "bulletinFamily": "unix", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel\u2019s kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel\u2019s Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel for systems that lack RDS transports. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel\u2019s hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)", "modified": "2014-03-07T00:00:00", "published": "2014-03-07T00:00:00", "id": "USN-2136-1", "href": "https://usn.ubuntu.com/2136-1/", "title": "Linux kernel (Raring HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:19", "bulletinFamily": "unix", "description": "Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel\u2019s kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel\u2019s Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-6368)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel for systems that lack RDS transports. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel\u2019s hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)\n\nMatthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)", "modified": "2014-03-07T00:00:00", "published": "2014-03-07T00:00:00", "id": "USN-2141-1", "href": "https://usn.ubuntu.com/2141-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:03", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0159\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user could\nuse this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-February/020150.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0159.html", "modified": "2014-02-12T04:44:55", "published": "2014-02-12T04:44:55", "href": "http://lists.centos.org/pipermail/centos-announce/2014-February/020150.html", "id": "CESA-2014:0159", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:58", "bulletinFamily": "unix", "description": "[2.6.32-400.34.3]\n- inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247290] {CVE-2013-7263} {CVE-2013-7265}\n[2.6.32-400.34.2]\n- exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18239033] {CVE-2013-2929} {CVE-2013-2929}\n- inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18239036] {CVE-2013-7263} {CVE-2013-7265}", "modified": "2014-02-14T00:00:00", "published": "2014-02-14T00:00:00", "id": "ELSA-2014-3010", "href": "http://linux.oracle.com/errata/ELSA-2014-3010.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "unix", "description": "[2.6.39-400.214.3]\n- inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247289] {CVE-2013-7263} {CVE-2013-7265}\n[2.6.39-400.214.2]\n- inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238382] {CVE-2013-7263} {CVE-2013-7265}\n- exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238353] {CVE-2013-2929}", "modified": "2014-02-13T00:00:00", "published": "2014-02-13T00:00:00", "id": "ELSA-2014-3009", "href": "http://linux.oracle.com/errata/ELSA-2014-3009.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "unix", "description": "[3.8.13-26.1.1.el6uek]\n- inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247287] {CVE-2013-7263} {CVE-2013-7265}\n- inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238377] {CVE-2013-7263} {CVE-2013-7265}\n- exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238348] {CVE-2013-2929}", "modified": "2014-02-14T00:00:00", "published": "2014-02-14T00:00:00", "id": "ELSA-2014-3011", "href": "http://linux.oracle.com/errata/ELSA-2014-3011.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "f5": [{"lastseen": "2016-09-26T17:22:57", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-01-14T00:00:00", "published": "2015-01-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15984.html", "id": "SOL15984", "title": "SOL15984 - Linux kernel vulnerability CVE-2013-7265", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:31", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-01-12T00:00:00", "published": "2015-01-12T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15983.html", "id": "SOL15983", "title": "SOL15983 - Linux kernel vulnerability CVE-2013-7263", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:51", "bulletinFamily": "software", "description": "The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. ([CVE-2014-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101>))\n", "modified": "2016-07-21T00:00:00", "published": "2014-06-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html", "id": "SOL15317", "title": "SOL15317 - Linux kernel vulnerability CVE-2014-0101", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-03-12T00:17:20", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 454180 (BIG-IP), ID 462326 (Enterprise Manager), and ID 462324 (BIG-IQ) to this vulnerability. In addition, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) lists Heuristic 464523 on the **Diagnostics** > **Identified** > **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP AAM| 11.4.0 - 11.5.3| 12.0.0 \n11.6.0| Linux kernel \nBIG-IP AFM| 11.3.0 - 11.5.3| 12.0.0 \n11.6.0| Linux kernel \nBIG-IP Analytics| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0| Linux kernel \nBIG-IP APM| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel \nBIG-IP ASM| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| Linux kernel \nBIG-IP GTM| 11.1.0 - 11.5.3| 11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP Link Controller| 11.1.0 - 11.5.3| 12.0.0 \n11.6.0 \n11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP PEM| 11.3.0 - 11.5.3| 12.0.0 \n11.6.0| Linux kernel \nBIG-IP PSM| 11.1.0 - 11.4.1| 11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nBIG-IP WOM| 11.1.0 - 11.3.0| 11.0.0 \n10.0.0 - 10.2.4| Linux kernel \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| Linux kernel \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Linux kernel \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Linux kernel \nBIG-IQ Cloud and Orchestration| None| 1.0.0| None \nLineRate| None| 2.2.0 - 2.3.1| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-04-06T16:51:00", "published": "2014-06-05T19:56:00", "id": "F5:K15317", "href": "https://support.f5.com/csp/article/K15317", "title": "Linux kernel vulnerability CVE-2014-0101", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
