{"id": "DEBIAN_DSA-3128.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-3128-1 : linux - security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "published": "2015-01-16T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "reporter": "Tenable", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://www.nessus.org/u?d5360cb0", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://www.debian.org/security/2015/dsa-3128", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "type": "nessus", "lastseen": "2019-02-21T01:23:12", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "2e42621259234e7c415297c360dba913d33abb0773a169424d38ec0a3a5460ed", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "41b89214196983103f62884fbef8b134", "key": "references"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "b80cb5ef104721ee06f4b6d6ebe36ad5", "key": "sourceData"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2018-09-01T23:55:53", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3128", "https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:55:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ba79ab426605de920f6d93db9d6a1e73e53083d9ed4825b3fe1824539fe838e6", "hashmap": [{"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "41b89214196983103f62884fbef8b134", "key": "references"}, {"hash": "cdc4036b8c9968d06e3e810bd8693924", "key": "sourceData"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2017-10-29T13:41:14", "modified": "2016-05-05T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3128", "https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/05 16:01:11 $\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_osvdb_id(115920, 116259, 116762, 116767);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:41:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 1, "enchantments": {}, "hash": "9396a343653f02031a0ffe9bb261daa9c5cb660b08778072b868d90c78ec3bac", "hashmap": [{"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "41b89214196983103f62884fbef8b134", "key": "references"}, {"hash": "cdc4036b8c9968d06e3e810bd8693924", "key": "sourceData"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2016-09-26T17:25:28", "modified": "2016-05-05T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3128", "https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/05 16:01:11 $\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_osvdb_id(115920, 116259, 116762, 116767);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "0a9e1fd9dea1077b1695f74a5c768ea8ac679aa8f8c2bc31ee0b56242832f76f", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "41b89214196983103f62884fbef8b134", "key": "references"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "b80cb5ef104721ee06f4b6d6ebe36ad5", "key": "sourceData"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2018-08-30T19:48:57", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3128", "https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:48:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 6, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "1756d6bbed65061508cc26bb72ffd0e44cda7d8a3fa3eddbc5f110a82d5e0f89", "hashmap": [{"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e78fa10874b77be9c47c322c7cc987fb", "key": "references"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "dce212b45c8f4074274e7be3f7139fc1", "key": "sourceData"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2018-11-13T17:01:04", "modified": "2018-11-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://www.debian.org/security/2015/dsa-3128", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-11-13T17:01:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:20:36", "references": [{"idList": ["UBUNTU_USN-2515-2.NASL", "UBUNTU_USN-2515-1.NASL", "UBUNTU_USN-2517-1.NASL", "UBUNTU_USN-2516-1.NASL", "UBUNTU_USN-2518-1.NASL", "UBUNTU_USN-2512-1.NASL", "UBUNTU_USN-2516-2.NASL", "UBUNTU_USN-2511-1.NASL", "ORACLEVM_OVMSA-2015-0056.NASL", "UBUNTU_USN-2516-3.NASL"], "type": "nessus"}, {"idList": ["USN-2517-1", "USN-2511-1", "USN-2516-2", "USN-2516-1", "USN-2515-1", "USN-2515-2", "USN-2512-1", "USN-2514-1", "USN-2518-1", "USN-2516-3"], "type": "ubuntu"}, {"idList": ["RHSA-2015:1137", "RHSA-2015:0864", "RHSA-2015:1138", "RHSA-2015:1139"], "type": "redhat"}, {"idList": ["SOL17245", "F5:K17245", "F5:K17551", "SOL17551", "SOL17239", "F5:K17132", "SOL17132", "F5:K17239"], "type": "f5"}, {"idList": ["SECURITYVULNS:VULN:14217", "SECURITYVULNS:DOC:31768", "SECURITYVULNS:DOC:31621"], "type": "securityvulns"}, {"idList": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2015:0714-1", "OPENSUSE-SU-2015:0713-1", "SUSE-SU-2015:0529-1"], "type": "suse"}, {"idList": ["CESA-2015:1137", "CESA-2015:0864"], "type": "centos"}, {"idList": ["DEBIAN:DLA-155-1:5E8B0", "DEBIAN:DSA-3128-1:80F9C"], "type": "debian"}, {"idList": ["XSA-82"], "type": "xen"}, {"idList": ["ELSA-2015-3033", "ELSA-2015-3035", "ELSA-2015-3032", "ELSA-2015-3034"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310105439", "OPENVAS:1361412562310842108", "OPENVAS:1361412562310842105", "OPENVAS:1361412562310868914", "OPENVAS:1361412562310842113", "OPENVAS:1361412562310842107", "OPENVAS:1361412562310842109", "OPENVAS:1361412562310703128", "OPENVAS:1361412562310842116", "OPENVAS:703128"], "type": "openvas"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "22d0489dd40ffe31875288af7ba7c2200439905837183904055d861c5fa51579", "hashmap": [{"hash": "84f8e6696448c85b8b69757bbd1f1be9", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "0b765324c2200d7521a1d3f879e8bc53", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e77c7151ba1087bc7ade1792756dbb1", "key": "sourceData"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}, {"hash": "9decbcca8575674e02745c2d024303a0", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2019-01-16T20:20:36", "modified": "2018-12-18T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://www.nessus.org/u?d5360cb0", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://www.debian.org/security/2015/dsa-3128", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n # http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5360cb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:20:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "2e42621259234e7c415297c360dba913d33abb0773a169424d38ec0a3a5460ed", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "41b89214196983103f62884fbef8b134", "key": "references"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "b80cb5ef104721ee06f4b6d6ebe36ad5", "key": "sourceData"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2018-07-10T06:01:26", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["http://www.debian.org/security/2015/dsa-3128", "https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-10T06:01:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 7, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "b1dc8ab4defa4ef62faf789c8ed47feb3d428637f183669ae4cc485e24f59977", "hashmap": [{"hash": "4328bc16b89f9a6fb1abb668747ce755", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "73e42833b2c2a93fe859a61a5fc22eef", "key": "pluginID"}, {"hash": "0b765324c2200d7521a1d3f879e8bc53", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e77c7151ba1087bc7ade1792756dbb1", "key": "sourceData"}, {"hash": "e0de1108a96fe918150325bc46b8ab3d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4d501a5a46c11b2d0b49e720f4861c96", "key": "title"}, {"hash": "c13ca1932a9528351d33c5d36a934a3f", "key": "href"}, {"hash": "5701222fdc7c2b5e901419df19ceb641", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "published"}, {"hash": "9decbcca8575674e02745c2d024303a0", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "id": "DEBIAN_DSA-3128.NASL", "lastseen": "2018-12-19T08:05:53", "modified": "2018-12-18T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "80558", "published": "2015-01-16T00:00:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://www.nessus.org/u?d5360cb0", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://www.debian.org/security/2015/dsa-3128", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n # http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5360cb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 7, "lastseen": "2018-12-19T08:05:53"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "5701222fdc7c2b5e901419df19ceb641"}, {"key": "cvelist", "hash": "e0de1108a96fe918150325bc46b8ab3d"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "4328bc16b89f9a6fb1abb668747ce755"}, {"key": "href", "hash": "c13ca1932a9528351d33c5d36a934a3f"}, {"key": "modified", "hash": "0b765324c2200d7521a1d3f879e8bc53"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "73e42833b2c2a93fe859a61a5fc22eef"}, {"key": "published", "hash": "577ef4cb2f774b0dfc1f5ba70ac1557f"}, {"key": "references", "hash": "9decbcca8575674e02745c2d024303a0"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "8e77c7151ba1087bc7ade1792756dbb1"}, {"key": "title", "hash": "4d501a5a46c11b2d0b49e720f4861c96"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b1dc8ab4defa4ef62faf789c8ed47feb3d428637f183669ae4cc485e24f59977", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310703128", "OPENVAS:703128", "OPENVAS:1361412562310105439", "OPENVAS:1361412562310842107", "OPENVAS:1361412562310842105", "OPENVAS:1361412562310842111", "OPENVAS:1361412562310842110", "OPENVAS:1361412562310842115", "OPENVAS:1361412562310842113", "OPENVAS:1361412562310842109"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3128-1:80F9C", "DEBIAN:DLA-155-1:5E8B0"]}, {"type": "cve", "idList": ["CVE-2013-6885", "CVE-2014-9584", "CVE-2014-9419", "CVE-2014-9529", "CVE-2014-8133"]}, {"type": "f5", "idList": ["F5:K17551", "F5:K17245", "SOL17245", "F5:K17239", "SOL17239", "F5:K17132", "SOL17132", "SOL17551"]}, {"type": "ubuntu", "idList": ["USN-2511-1", "USN-2512-1", "USN-2516-2", "USN-2516-1", "USN-2515-1", "USN-2515-2", "USN-2516-3", "USN-2517-1", "USN-2518-1", "USN-2490-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14217", "SECURITYVULNS:DOC:31768", "SECURITYVULNS:DOC:31621"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2512-1.NASL", "UBUNTU_USN-2511-1.NASL", "UBUNTU_USN-2516-2.NASL", "UBUNTU_USN-2518-1.NASL", "UBUNTU_USN-2517-1.NASL", "UBUNTU_USN-2515-2.NASL", "UBUNTU_USN-2515-1.NASL", "UBUNTU_USN-2516-3.NASL", "UBUNTU_USN-2516-1.NASL", "ORACLEVM_OVMSA-2015-0056.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-3032", "ELSA-2015-3033", "ELSA-2015-3034", "ELSA-2015-3035"]}, {"type": "xen", "idList": ["XSA-82"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:0713-1", "OPENSUSE-SU-2015:0714-1"]}, {"type": "redhat", "idList": ["RHSA-2015:1137", "RHSA-2015:1138", "RHSA-2015:1139"]}], "modified": "2019-02-21T01:23:12"}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-02-21T01:23:12"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n # http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5360cb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "80558", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "scheme": null}

{"openvas": [{"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nCVE-2014-8133\nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.", "modified": "2019-03-18T00:00:00", "published": "2015-01-15T00:00:00", "id": "OPENVAS:1361412562310703128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703128", "title": "Debian Security Advisory DSA 3128-1 (linux - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3128.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3128-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703128\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\",\n \"CVE-2014-9584\");\n script_name(\"Debian Security Advisory DSA 3128-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-15 00:00:00 +0100 (Thu, 15 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3128.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume\nregression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nCVE-2014-8133\nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:52", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdfCVE-2014-8133 \nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.", "modified": "2017-07-07T00:00:00", "published": "2015-01-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703128", "id": "OPENVAS:703128", "title": "Debian Security Advisory DSA 3128-1 (linux - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3128.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3128-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703128);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\",\n \"CVE-2014-9584\");\n script_name(\"Debian Security Advisory DSA 3128-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-15 00:00:00 +0100 (Thu, 15 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3128.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume\nregression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdfCVE-2014-8133 \nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "description": "The remote host is missing a security patch.", "modified": "2018-10-26T00:00:00", "published": "2015-11-09T00:00:00", "id": "OPENVAS:1361412562310105439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105439", "title": "F5 BIG-IP - SOL17551 - Linux kernel vulnerability CVE-2014-9419", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_sol17551.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# F5 BIG-IP - SOL17551 - Linux kernel vulnerability CVE-2014-9419\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105439\");\n script_cve_id(\"CVE-2014-9419\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"F5 BIG-IP - SOL17551 - Linux kernel vulnerability CVE-2014-9419\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/17000/500/sol17551.html\");\n\n script_tag(name:\"impact\", value:\"A local authenticated attacker may obtain sensitive information from kernel memory by using a specially crafted application.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. (CVE-2014-9419)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-09 10:38:23 +0100 (Mon, 09 Nov 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;');\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-27T00:00:00", "id": "OPENVAS:1361412562310842107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842107", "title": "Ubuntu Update for linux USN-2511-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2511-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842107\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-27 05:43:04 +0100 (Fri, 27 Feb 2015)\");\n script_cve_id(\"CVE-2014-9529\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2511-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A race condition was discovered in the\nLinux kernel's key ring. A local user could cause a denial of service (memory\ncorruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing\nrock ridge ER records. A local user could exploit this flaw to obtain\nsensitive information from kernel memory via a crafted iso9660 image.\n(CVE-2014-9584)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2511-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2511-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-386\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-generic\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-generic-pae\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-ia64\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-lpia\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-powerpc\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-powerpc-smp\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-powerpc64-smp\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-preempt\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-server\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-sparc64\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-sparc64-smp\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-versatile\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-73-virtual\", ver:\"2.6.32-73.140\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-27T00:00:00", "id": "OPENVAS:1361412562310842105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842105", "title": "Ubuntu Update for linux-ec2 USN-2512-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ec2 USN-2512-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842105\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-27 05:42:52 +0100 (Fri, 27 Feb 2015)\");\n script_cve_id(\"CVE-2014-9529\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ec2 USN-2512-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ec2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A race condition was discovered in the Linux\nkernel's key ring. A local user could cause a denial of service (memory corruption\nor panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing\nrock ridge ER records. A local user could exploit this flaw to obtain\nsensitive information from kernel memory via a crafted iso9660 image.\n(CVE-2014-9584)\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2512-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2512-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-376-ec2\", ver:\"2.6.32-376.93\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-27T00:00:00", "id": "OPENVAS:1361412562310842110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842110", "title": "Ubuntu Update for linux-lts-utopic USN-2517-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-2517-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842110\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-27 05:43:29 +0100 (Fri, 27 Feb 2015)\");\n script_cve_id(\"CVE-2015-0239\", \"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\",\n \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-2517-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A flaw was discovered in the Kernel Virtual\nMachine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not\ninitialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain privileges on the\nguest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread\nLocal Storage (TLS) implementation allowing users to bypass the espfix to\nobtain information that could be used to bypass the Address Space Layout\nRandomization (ASLR) protection mechanism. A local user could exploit this\nflaw to obtain potentially sensitive information from kernel memory.\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are\nspecified and the conntrack protocol handler module is not loaded into the\nLinux kernel. This flaw can cause the firewall rules on the system to be\nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user\ncould exploit this flaw to cause a denial of service (deadlock and system\nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in\ncertain namespace scenarios. A local user could exploit this flaw to bypass\nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux\nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw\nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced\nMeshing Protocol in the Linux kernel. A remote attacker could exploit this\nflaw to cause a denial of service (mesh-node system crash) via fragmented\npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local\nuser could cause a denial of service (memory corruption or panic) or\npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing\nrock ridge ER records. A local user could exploit this flaw to obtain\nsensitive information from kernel memory via a crafted iso9660 image.\n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of\nthe Virtua ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2517-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2517-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-generic\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-generic-lpae\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-lowlatency\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc-e500mc\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc-smp\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc64-emb\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc64-smp\", ver:\"3.16.0-31.41~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-27T00:00:00", "id": "OPENVAS:1361412562310842111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842111", "title": "Ubuntu Update for linux USN-2518-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2518-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842111\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-27 05:43:39 +0100 (Fri, 27 Feb 2015)\");\n script_cve_id(\"CVE-2015-0239\", \"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\",\n \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2518-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A flaw was discovered in the Kernel Virtual\nMachine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not\ninitialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain privileges on the\nguest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread\nLocal Storage (TLS) implementation allowing users to bypass the espfix to\nobtain information that could be used to bypass the Address Space Layout\nRandomization (ASLR) protection mechanism. A local user could exploit this\nflaw to obtain potentially sensitive information from kernel memory.\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are\nspecified and the conntrack protocol handler module is not loaded into the\nLinux kernel. This flaw can cause the firewall rules on the system to be\nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user\ncould exploit this flaw to cause a denial of service (deadlock and system\nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in\ncertain namespace scenarios. A local user could exploit this flaw to bypass\nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux\nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw\nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced\nMeshing Protocol in the Linux kernel. A remote attacker could exploit this\nflaw to cause a denial of service (mesh-node system crash) via fragmented\npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local\nuser could cause a denial of service (memory corruption or panic) or\npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing\nrock ridge ER records. A local user could exploit this flaw to obtain\nsensitive information from kernel memory via a crafted iso9660 image.\n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of\nthe Virtual Dynamically l ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2518-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2518-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-generic\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-generic-lpae\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-lowlatency\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc-e500mc\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc-smp\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc64-emb\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-31-powerpc64-smp\", ver:\"3.16.0-31.41\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-05T00:00:00", "id": "OPENVAS:1361412562310842115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842115", "title": "Ubuntu Update for linux USN-2516-3", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2516-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842115\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-05 05:43:34 +0100 (Thu, 05 Mar 2015)\");\n script_cve_id(\"CVE-2015-0239\", \"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\",\n \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2516-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2516-1 fixed vulnerabilities in the\nLinux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated\nregression in the use of the virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of\nthe SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of\nservice of the guest OS (crash) or potentially gain privileges on the guest\nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread\nLocal Storage (TLS) implementation allowing users to bypass the espfix to\nobtain information that could be used to bypass the Address Space Layout\nRandomization (ASLR) protection mechanism. A local user could exploit this\nflaw to obtain potentially sensitive information from kernel memory.\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are\nspecified and the conntrack protocol handler module is not loaded into the\nLinux kernel. This flaw can cause the firewall rules on the system to be\nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user\ncould exploit this flaw to cause a denial of service (deadlock and system\nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in\ncertain namespace scenarios. A local user could exploit this flaw to bypass\nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux\nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw\nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced\nMeshing Protocol in the Linux kernel. A remote attacker could exploit this\nflaw to cause a denial of service (mesh-node system crash) via fragmented\npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local\nuser could cause a denial of service (memory corruption or panic) or\npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2516-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2516-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-generic\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-generic-lpae\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-lowlatency\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-powerpc-e500\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-powerpc-e500mc\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-powerpc-smp\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-powerpc64-emb\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-powerpc64-smp\", ver:\"3.13.0-46.77\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-27T00:00:00", "id": "OPENVAS:1361412562310842108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842108", "title": "Ubuntu Update for linux-lts-trusty USN-2515-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2515-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842108\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-27 05:43:06 +0100 (Fri, 27 Feb 2015)\");\n script_cve_id(\"CVE-2015-0239\", \"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\",\n \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2515-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A flaw was discovered in the Kernel Virtual\nMachine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not\ninitialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain privileges on the\nguest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread\nLocal Storage (TLS) implementation allowing users to bypass the espfix to\nobtain information that could be used to bypass the Address Space Layout\nRandomization (ASLR) protection mechanism. A local user could exploit this\nflaw to obtain potentially sensitive information from kernel memory.\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are\nspecified and the conntrack protocol handler module is not loaded into the\nLinux kernel. This flaw can cause the firewall rules on the system to be\nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user\ncould exploit this flaw to cause a denial of service (deadlock and system\nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in\ncertain namespace scenarios. A local user could exploit this flaw to bypass\nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux\nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw\nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced\nMeshing Protocol in the Linux kernel. A remote attacker could exploit this\nflaw to cause a denial of service (mesh-node system crash) via fragmented\npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local\nuser could cause a denial of service (memory corruption or panic) or\npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing\nrock ridge ER records. A local user could exploit this flaw to obtain\nsensitive information from kernel memory via a crafted iso9660 image.\n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of\nthe Virtua ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2515-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2515-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-generic\", ver:\"3.13.0-46.75~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-generic-lpae\", ver:\"3.13.0-46.75~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-05T00:00:00", "id": "OPENVAS:1361412562310842116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842116", "title": "Ubuntu Update for linux-lts-trusty USN-2515-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2515-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842116\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-05 05:43:51 +0100 (Thu, 05 Mar 2015)\");\n script_cve_id(\"CVE-2015-0239\", \"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\",\n \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2515-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2515-1 fixed vulnerabilities in the\nLinux kernel. There was an unrelated regression in the use of the virtual counter\n(CNTVCT) on arm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of\nthe SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of\nservice of the guest OS (crash) or potentially gain privileges on the guest\nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread\nLocal Storage (TLS) implementation allowing users to bypass the espfix to\nobtain information that could be used to bypass the Address Space Layout\nRandomization (ASLR) protection mechanism. A local user could exploit this\nflaw to obtain potentially sensitive information from kernel memory.\n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are\nspecified and the conntrack protocol handler module is not loaded into the\nLinux kernel. This flaw can cause the firewall rules on the system to be\nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user\ncould exploit this flaw to cause a denial of service (deadlock and system\nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in\ncertain namespace scenarios. A local user could exploit this flaw to bypass\nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux\nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw\nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced\nMeshing Protocol in the Linux kernel. A remote attacker could exploit this\nflaw to cause a denial of service (mesh-node system crash) via fragmented\npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local\nuser could cause a denial of service (memory corruption or panic) or\npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system wh ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2515-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2515-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-generic\", ver:\"3.13.0-46.77~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-46-generic-lpae\", ver:\"3.13.0-46.77~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3128-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2013-6885 CVE-2014-8133 CVE-2014-9419 CVE-2014-9529 \n CVE-2014-9584\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\nCVE-2013-6885\n\n It was discovered that under specific circumstances, a combination\n of write operations to write-combined memory and locked CPU\n instructions may cause a core hang on AMD 16h 00h through 0Fh\n processors. A local user can use this flaw to mount a denial of\n service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\nCVE-2014-8133\n\n It was found that the espfix funcionality can be bypassed by\n installing a 16-bit RW data segment into GDT instead of LDT (which\n espfix checks for) and using it for stack. A local unprivileged user\n could potentially use this flaw to leak kernel stack addresses and\n thus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\n\n It was found that on Linux kernels compiled with the 32 bit\n interfaces (CONFIG_X86_32) a malicious user program can do a\n partial ASLR bypass through TLS base addresses leak when attacking\n other programs.\n\nCVE-2014-9529\n\n It was discovered that the Linux kernel is affected by a race\n condition flaw when doing key garbage collection, allowing local\n users to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\n\n It was found that the Linux kernel does not validate a length value\n in the Extensions Reference (ER) System Use Field, which allows\n local users to obtain sensitive information from kernel memory via a\n crafted iso9660 image.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume\nregression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-01-15T06:41:47", "published": "2015-01-15T06:41:47", "id": "DEBIAN:DSA-3128-1:80F9C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00011.html", "title": "[SECURITY] [DSA 3128-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:37", "bulletinFamily": "unix", "description": "Package : linux-2.6\nVersion : 2.6.32-48squeeze11\nCVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134 \n CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585\n\t\t CVE-2015-1421 CVE-2015-1593\n\nThis update fixes the CVEs described below.\n\nA further issue, CVE-2014-9419, was considered, but appears to require\nextensive changes with a consequent high risk of regression. It is\nnow unlikely to be fixed in squeeze-lts.\n\nCVE-2013-6885\n\n It was discovered that under specific circumstances, a combination\n of write operations to write-combined memory and locked CPU\n instructions may cause a core hang on AMD 16h 00h through 0Fh\n processors. A local user can use this flaw to mount a denial of\n service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\nCVE-2014-7822\n\n It was found that the splice() system call did not validate the\n given file offset and length. A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.\n\nCVE-2014-8133\n\n It was found that the espfix functionality can be bypassed by\n installing a 16-bit RW data segment into GDT instead of LDT (which\n espfix checks for) and using it for stack. A local unprivileged user\n could potentially use this flaw to leak kernel stack addresses.\n\nCVE-2014-8134\n\n It was found that the espfix functionality is wrongly disabled in\n a 32-bit KVM guest. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses.\n\nCVE-2014-8160\n\n It was found that a netfilter (iptables or ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.\n\nCVE-2014-9420\n\n It was found that the ISO-9660 filesystem implementation (isofs)\n follows arbitrarily long chains, including loops, of Continuation\n Entries (CEs). This allows local users to mount a denial of\n service via a crafted disc image.\n\nCVE-2014-9584\n\n It was found that the ISO-9660 filesystem implementation (isofs)\n does not validate a length value in the Extensions Reference (ER)\n System Use Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted disc image.\n\nCVE-2014-9585\n\n It was discovered that address randomisation for the vDSO in\n 64-bit processes is extremely biassed. A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.\n\nCVE-2015-1421\n\n It was found that the SCTP implementation could free\n authentication state while it was still in use, resulting in heap\n corruption. This could allow remote users to cause a denial of\n service or privilege escalation.\n\nCVE-2015-1593\n\n It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.\n\n\n-- \nBen Hutchings - Debian developer, kernel team member\n", "modified": "2015-02-18T23:22:33", "published": "2015-02-18T23:22:33", "id": "DEBIAN:DLA-155-1:5E8B0", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00009.html", "title": "[SECURITY] [DLA 155-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2019-05-29T18:13:06", "bulletinFamily": "NVD", "description": "The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.", "modified": "2017-12-16T02:29:00", "id": "CVE-2013-6885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6885", "published": "2013-11-29T04:33:00", "title": "CVE-2013-6885", "type": "cve", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "modified": "2018-01-05T02:29:00", "id": "CVE-2014-9584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9584", "published": "2015-01-09T21:59:00", "title": "CVE-2014-9584", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.", "modified": "2018-01-05T02:29:00", "id": "CVE-2014-9419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9419", "published": "2014-12-26T00:59:00", "title": "CVE-2014-9419", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:13:49", "bulletinFamily": "NVD", "description": "arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.", "modified": "2016-12-24T02:59:00", "id": "CVE-2014-8133", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8133", "published": "2014-12-17T11:59:00", "title": "CVE-2014-8133", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.", "modified": "2018-01-05T02:29:00", "id": "CVE-2014-9529", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9529", "published": "2015-01-09T21:59:00", "title": "CVE-2014-9529", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:12", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 530413 (BIG-IP), ID 530553 (BIG-IQ), ID 530554 (Enterprise Manager), ID 520651 (FirePass), ID 461496 (ARX), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \n \nBIG-IP AAM | 11.4.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP AFM | 11.3.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP Analytics | 11.0.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP APM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP ASM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP DNS \n| None \n| 12.0.0 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP GTM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP Link Controller | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP PEM | 11.3.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP PSM | 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP WOM | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nARX | 6.0.0 - 6.4.0* \n| None \n| Low | Linux kernel \n \nEnterprise Manager | 3.0.0 - 3.1.1* \n| None | Low | Linux kernel \n \nFirePass | 7.0.0* \n6.0.0 - 6.1.0* \n| None \n| Low | Linux kernel \n \nBIG-IQ Cloud | 4.0.0 - 4.5.0* \n| None \n| Low | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0* \n| None \n| Low | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0* \n| None \n| Low | Linux kernel \nBIG-IQ ADC | 4.5.0* \n| None \n| Low | Linux kernel \nLineRate | None \n| 2.5.0 - 2.6.1 \n| Not vulnerable | None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | 4.0.0 - 4.4.0* \n3.3.2 - 3.5.1* \n| None \n| Low | Linux kernel \n \n* Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13902>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:25:00", "published": "2015-11-06T21:25:00", "href": "https://support.f5.com/csp/article/K17551", "id": "F5:K17551", "title": "Linux kernel vulnerability CVE-2014-9419", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-04-11T19:14:37", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 505678 (BIG-IP), ID 525389 (BIG-IQ), ID 525390 (Enterprise Manager), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17245 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP DNS| 12.0.0| None| Low| Linux subsystem \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| None| Low| Linux subsystem \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Linux subsystem \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Linux subsystem \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux subsystem \nBIG-IQ ADC| 4.5.0| None| Low| Linux subsystem \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Linux subsystem \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should limit system access to only trusted users. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-04-06T19:19:00", "published": "2015-09-08T22:22:00", "id": "F5:K17245", "href": "https://support.f5.com/csp/article/K17245", "title": "Linux kernel vulnerability CVE-2014-9584", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-03-19T09:01:40", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should limit system access to only trusted users. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17245.html", "id": "SOL17245", "title": "SOL17245 - Linux kernel vulnerability CVE-2014-9584", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:09", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. \n\n\n*This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you can type the following command from the BIG-IP command line:\n\nuname -m\n\n32-bit systems will return **i686** or** i386** and 64-bit systems will return **x86_64**.\n\nRecommended Action\n\nThe F5 vulnerability severity has been marked as LOW due to the requirement that the attacker has local access and exposes partial confidentiality and/or integrity.\n\nTo mitigate this vulnerability for the BIG-IP system, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17132.html", "id": "SOL17132", "title": "SOL17132 - Linux kernel vulnerability CVE-2014-8133", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-04-10T17:14:49", "bulletinFamily": "software", "description": "\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: \n\n\nAdditionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17132 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP ASM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP Edge Gateway| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| Linux kernel* \nBIG-IP GTM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP Link Controller| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| 10.1.0 - 10.2.4| 11.0.0 - 11.4.1| Low| Linux kernel* \nBIG-IP WebAccelerator| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| Linux kernel* \nBIG-IP WOM| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| Linux kernel* \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you can type the following command from the BIG-IP command line:\n\nuname -m\n\n32-bit systems will return **i686** or** i386** and 64-bit systems will return **x86_64**.\n\nThe F5 vulnerability severity has been marked as LOW due to the requirement that the attacker has local access and exposes partial confidentiality and/or integrity.\n\nTo mitigate this vulnerability for the BIG-IP system, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-04-06T19:01:00", "published": "2015-08-25T00:34:00", "id": "F5:K17132", "href": "https://support.f5.com/csp/article/K17132", "title": "Linux kernel vulnerability CVE-2014-8133", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-02T18:43:59", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17239.html", "id": "SOL17239", "title": "SOL17239 - Linux kernel vulnerability CVE-2014-9529", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:33", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 505673 (BIG-IP), ID 525386 (BIG-IQ), ID 525388 (Enterprise Manager), and INSTALLER-1288 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \n \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP DNS | 12.0.0 \n| None \n| Low | Linux subsystem \nBIG-IP Edge Gateway \n| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP GTM | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nARX | None \n| 6.0.0 - 6.4.0 \n| Not vulnerable | None \n \nEnterprise Manager | 3.0.0 - 3.1.1 \n| None | Low | Linux subsystem \nFirePass | None \n| 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable \n| None \n \nBIG-IQ Cloud | 4.0.0 - 4.5.0 \n| None \n| Low | Linux subsystem \nBIG-IQ Device | 4.2.0 - 4.5.0 \n| None \n| Low | Linux subsystem \nBIG-IQ Security | 4.0.0 - 4.5.0 \n| None \n| Low | Linux subsystem \nBIG-IQ ADC | 4.5.0 \n| None \n| Low | Linux subsystem \nLineRate | None \n| 2.5.0 - 2.6.1 \n| Not vulnerable \n| None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| None \n| Low | Linux subsystem \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:33:00", "published": "2015-09-08T22:57:00", "id": "F5:K17239", "href": "https://support.f5.com/csp/article/K17239", "title": "Linux kernel vulnerability CVE-2014-9529", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:58", "bulletinFamily": "software", "description": "* Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit.\n\nRecommended Action\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-11-06T00:00:00", "published": "2015-11-06T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/500/sol17551.html", "id": "SOL17551", "title": "SOL17551 - Linux kernel vulnerability CVE-2014-9419", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:10", "bulletinFamily": "unix", "description": "A race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)", "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2511-1", "href": "https://usn.ubuntu.com/2511-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:49", "bulletinFamily": "unix", "description": "A race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)", "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2512-1", "href": "https://usn.ubuntu.com/2512-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:35", "bulletinFamily": "unix", "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)", "modified": "2015-02-28T00:00:00", "published": "2015-02-28T00:00:00", "id": "USN-2516-2", "href": "https://usn.ubuntu.com/2516-2/", "title": "Linux kernel vulnerability regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:22:36", "bulletinFamily": "unix", "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)", "modified": "2015-03-04T00:00:00", "published": "2015-03-04T00:00:00", "id": "USN-2516-3", "href": "https://usn.ubuntu.com/2516-3/", "title": "Linux kernel vulnerabilities regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:22:56", "bulletinFamily": "unix", "description": "A flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)", "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2515-1", "href": "https://usn.ubuntu.com/2515-1/", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T19:21:34", "bulletinFamily": "unix", "description": "USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)", "modified": "2015-03-04T00:00:00", "published": "2015-03-04T00:00:00", "id": "USN-2515-2", "href": "https://usn.ubuntu.com/2515-2/", "title": "Linux kernel (Trusty HWE) vulnerabilities regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:23:09", "bulletinFamily": "unix", "description": "A flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)", "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2516-1", "href": "https://usn.ubuntu.com/2516-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T19:21:02", "bulletinFamily": "unix", "description": "A flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to verify symlink size info. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not valid inode size information . A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not correctly verify the component length for symlinks. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system (CONFIG_UDF_FS). A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to read potential sensitve kernel memory. (CVE-2014-9731)", "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2518-1", "href": "https://usn.ubuntu.com/2518-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:23:33", "bulletinFamily": "unix", "description": "A flaw was discovered in the Kernel Virtual Machine\u2019s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel\u2019s key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs\u2019 encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to verify symlink size info. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not valid inode size information . A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not correctly verify the component length for symlinks. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system (CONFIG_UDF_FS). A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to read potential sensitve kernel memory. (CVE-2014-9731)", "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2517-1", "href": "https://usn.ubuntu.com/2517-1/", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T19:21:12", "bulletinFamily": "unix", "description": "Andy Lutomirski discovered an information leak in the Linux kernel\u2019s Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel\u2019s ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420)", "modified": "2015-02-04T00:00:00", "published": "2015-02-04T00:00:00", "id": "USN-2490-1", "href": "https://usn.ubuntu.com/2490-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:23:34", "bulletinFamily": "scanner", "description": "A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2512-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81566", "published": "2015-02-27T00:00:00", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2512-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2512-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81566);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-9529\", \"CVE-2014-9584\");\n script_xref(name:\"USN\", value:\"2512-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2512-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2512-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-376-ec2\", pkgver:\"2.6.32-376.93\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:34", "bulletinFamily": "scanner", "description": "A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2511-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81565", "published": "2015-02-27T00:00:00", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-2511-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2511-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81565);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(71880, 71883);\n script_xref(name:\"USN\", value:\"2511-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2511-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2511-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-386\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-generic\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-generic-pae\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-lpia\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-preempt\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-server\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-versatile\", pkgver:\"2.6.32-73.140\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-73-virtual\", pkgver:\"2.6.32-73.140\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:35", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2518-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81571", "published": "2015-02-27T00:00:00", "title": "Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2518-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81571);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643);\n script_xref(name:\"USN\", value:\"2518-1\");\n\n script_name(english:\"Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2518-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-31-generic\", pkgver:\"3.16.0-31.41\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-31-generic-lpae\", pkgver:\"3.16.0-31.41\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-31-lowlatency\", pkgver:\"3.16.0-31.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:35", "bulletinFamily": "scanner", "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2516-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81590", "published": "2015-03-02T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2516-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81590);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2516-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an\nunrelated regression in the use of the virtual counter (CNTVCT) on\narm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2516-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:block-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:block-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:crypto-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:crypto-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fat-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fat-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fb-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firewire-core-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:floppy-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-core-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-core-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-secondary-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-secondary-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:input-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:input-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipmi-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipmi-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irda-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irda-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kernel-image-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kernel-image-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-3.13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-udebs-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-udebs-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-udebs-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:md-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:md-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:message-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mouse-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mouse-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:multipath-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:multipath-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nfs-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nfs-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-pcmcia-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-shared-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-shared-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-usb-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-usb-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:parport-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:parport-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pata-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pcmcia-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pcmcia-storage-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:plip-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:plip-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ppp-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ppp-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sata-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sata-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:scsi-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:scsi-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:serial-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:speakup-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:speakup-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squashfs-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squashfs-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:storage-core-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:storage-core-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:usb-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:usb-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:virtio-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vlan-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vlan-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"block-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"block-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"crypto-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"crypto-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fat-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fat-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fb-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firewire-core-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"floppy-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-core-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-core-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-secondary-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-secondary-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"input-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"input-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ipmi-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ipmi-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"irda-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"irda-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"kernel-image-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"kernel-image-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-common\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-doc\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-extra-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-extra-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-extra-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-libc-dev\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-source-3.13.0\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-common\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-udebs-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-udebs-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-udebs-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"md-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"md-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"message-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mouse-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mouse-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"multipath-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"multipath-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nfs-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nfs-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-pcmcia-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-shared-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-shared-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-usb-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-usb-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"parport-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"parport-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"pata-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"pcmcia-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"pcmcia-storage-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"plip-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"plip-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ppp-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ppp-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sata-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sata-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"scsi-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"scsi-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"serial-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"speakup-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"speakup-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"squashfs-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"squashfs-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"storage-core-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"storage-core-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"usb-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"usb-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"virtio-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"vlan-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"vlan-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"block-modules-3.13.0-46-generic-di / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:36", "bulletinFamily": "scanner", "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2516-3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81646", "published": "2015-03-05T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2516-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81646);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2516-3\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in\nUSN-2516-2 was incomplete. There was an unrelated regression in the\nuse of the virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2516-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.77\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.77\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:34", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2516-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81569", "published": "2015-02-27T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2516-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81569);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2516-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2516-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.75\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.75\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.75\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:36", "bulletinFamily": "scanner", "description": "USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2515-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81645", "published": "2015-03-05T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2515-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81645);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2515-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an\nunrelated regression in the use of the virtual counter (CNTVCT) on\narm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2515-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.77~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.77~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:34", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2515-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81568", "published": "2015-02-27T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2515-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81568);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2515-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2515-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.75~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.75~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:34", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2517-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81570", "published": "2015-02-27T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2517-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81570);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2517-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2517-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-31-generic\", pkgver:\"3.16.0-31.41~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-31-generic-lpae\", pkgver:\"3.16.0-31.41~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-31-lowlatency\", pkgver:\"3.16.0-31.41~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:05", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] (CVE-2014-9529) (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] (CVE-2014-3215)", "modified": "2018-07-24T00:00:00", "id": "ORACLEVM_OVMSA-2015-0056.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83108", "published": "2015-04-28T00:00:00", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0056)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0056.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83108);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(67341, 71880, 71883, 74293);\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0056)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - isofs: Fix unchecked printing of ER records (Jan Kara)\n [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha\n Levin) [Orabug: 20930548] (CVE-2014-9529)\n (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass\n the limit (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL\n allocations (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the\n allocator (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more\n gracefully (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on\n OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault\n handler (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS\n or NOSUID. (Stephen Smalley) [Orabug: 20930501]\n (CVE-2014-3215)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-April/000307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1c84d76\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-68.1.3.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-68.1.3.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Protection bypass, privilege escalation, DoS.", "modified": "2015-01-18T00:00:00", "published": "2015-01-18T00:00:00", "id": "SECURITYVULNS:VULN:14217", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14217", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2511-1\r\nFebruary 26, 2015\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nA race condition was discovered in the Linux kernel&#39;s key ring. A local\r\nuser could cause a denial of service &#40;memory corruption or panic&#41; or\r\npossibly have unspecified impact via the keyctl commands. &#40;CVE-2014-9529&#41;\r\n\r\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing\r\nrock ridge ER records. A local user could exploit this flaw to obtain\r\nsensitive information from kernel memory via a crafted iso9660 image.\r\n&#40;CVE-2014-9584&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-73-386 2.6.32-73.140\r\n linux-image-2.6.32-73-generic 2.6.32-73.140\r\n linux-image-2.6.32-73-generic-pae 2.6.32-73.140\r\n linux-image-2.6.32-73-ia64 2.6.32-73.140\r\n linux-image-2.6.32-73-lpia 2.6.32-73.140\r\n linux-image-2.6.32-73-powerpc 2.6.32-73.140\r\n linux-image-2.6.32-73-powerpc-smp 2.6.32-73.140\r\n linux-image-2.6.32-73-powerpc64-smp 2.6.32-73.140\r\n linux-image-2.6.32-73-preempt 2.6.32-73.140\r\n linux-image-2.6.32-73-server 2.6.32-73.140\r\n linux-image-2.6.32-73-sparc64 2.6.32-73.140\r\n linux-image-2.6.32-73-sparc64-smp 2.6.32-73.140\r\n linux-image-2.6.32-73-versatile 2.6.32-73.140\r\n linux-image-2.6.32-73-virtual 2.6.32-73.140\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages &#40;e.g. linux-generic,\r\nlinux-server, linux-powerpc&#41;, a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2511-1\r\n CVE-2014-9529, CVE-2014-9584\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-73.140\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:DOC:31768", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31768", "title": "[USN-2511-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:027\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : kernel\r\n Date : January 16, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in the Linux\r\n kernel:\r\n \r\n The SCTP implementation in the Linux kernel before 3.17.4 allows\r\n remote attackers to cause a denial of service &#40;memory consumption&#41; by\r\n triggering a large number of chunks in an association&#039;s output queue,\r\n as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\r\n net/sctp/sm_statefuns.c &#40;CVE-2014-3688=.\r\n \r\n Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux\r\n kernel before 3.16.3, allows remote attackers to cause a denial of\r\n service &#40;memory corruption and panic&#41; or possibly have unspecified\r\n other impact via a long unencrypted auth ticket &#40;CVE-2014-6416&#41;.\r\n \r\n net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,\r\n does not properly consider the possibility of kmalloc failure, which\r\n allows remote attackers to cause a denial of service &#40;system crash&#41;\r\n or possibly have unspecified other impact via a long unencrypted auth\r\n ticket &#40;CVE-2014-6417&#41;.\r\n \r\n net/ceph/auth_x.c in Ceph, as used in the Linux kernel before\r\n 3.16.3, does not properly validate auth replies, which allows remote\r\n attackers to cause a denial of service &#40;system crash&#41; or possibly\r\n have unspecified other impact via crafted data from the IP address\r\n of a Ceph Monitor &#40;CVE-2014-6418&#41;.\r\n \r\n The sctp_process_param function in net/sctp/sm_make_chunk.c in the\r\n SCTP implementation in the Linux kernel before 3.17.4, when ASCONF\r\n is used, allows remote attackers to cause a denial of service &#40;NULL\r\n pointer dereference and system crash&#41; via a malformed INIT chunk\r\n &#40;CVE-2014-7841&#41;.\r\n \r\n Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4\r\n allows guest OS users to cause a denial of service &#40;guest OS crash&#41;\r\n via a crafted application that performs an MMIO transaction or a\r\n PIO transaction to trigger a guest userspace emulation error report,\r\n a similar issue to CVE-2010-5313 &#40;CVE-2014-7842&#41;.\r\n \r\n arch/x86/kernel/tls.c in the Thread Local Storage &#40;TLS&#41; implementation\r\n in the Linux kernel through 3.18.1 allows local users to bypass the\r\n espfix protection mechanism, and consequently makes it easier for\r\n local users to bypass the ASLR protection mechanism, via a crafted\r\n application that makes a set_thread_area system call and later reads\r\n a 16-bit value &#40;CVE-2014-8133&#41;.\r\n \r\n Stack-based buffer overflow in the\r\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\r\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before\r\n 3.17.4 allows local users to cause a denial of service &#40;system crash&#41;\r\n or possibly gain privileges via a large message length in an ioctl call\r\n &#40;CVE-2014-8884&#41;.\r\n \r\n The do_double_fault function in arch/x86/kernel/traps.c in the Linux\r\n kernel through 3.17.4 does not properly handle faults associated with\r\n the Stack Segment &#40;SS&#41; segment register, which allows local users\r\n to cause a denial of service &#40;panic&#41; via a modify_ldt system call,\r\n as demonstrated by sigreturn_32 in the linux-clock-tests test suite\r\n &#40;CVE-2014-9090&#41;.\r\n \r\n arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does\r\n not properly handle faults associated with the Stack Segment &#40;SS&#41;\r\n segment register, which allows local users to gain privileges by\r\n triggering an IRET instruction that leads to access to a GS Base\r\n address from the wrong space &#40;CVE-2014-9322&#41;.\r\n \r\n The __switch_to function in arch/x86/kernel/process_64.c in the Linux\r\n kernel through 3.18.1 does not ensure that Thread Local Storage &#40;TLS&#41;\r\n descriptors are loaded before proceeding with other steps, which makes\r\n it easier for local users to bypass the ASLR protection mechanism via\r\n a crafted application that reads a TLS base address &#40;CVE-2014-9419&#41;.\r\n \r\n The rock_continue function in fs/isofs/rock.c in the Linux kernel\r\n through 3.18.1 does not restrict the number of Rock Ridge continuation\r\n entries, which allows local users to cause a denial of service\r\n &#40;infinite loop, and system crash or hang&#41; via a crafted iso9660 image\r\n &#40;CVE-2014-9420&#41;.\r\n \r\n Race condition in the key_gc_unused_keys function in security/keys/gc.c\r\n in the Linux kernel through 3.18.2 allows local users to cause a denial\r\n of service &#40;memory corruption or panic&#41; or possibly have unspecified\r\n other impact via keyctl commands that trigger access to a key structure\r\n member during garbage collection of a key &#40;CVE-2014-9529&#41;.\r\n \r\n The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in\r\n the Linux kernel before 3.18.2 does not validate a length value in\r\n the Extensions Reference &#40;ER&#41; System Use Field, which allows local\r\n users to obtain sensitive information from kernel memory via a crafted\r\n iso9660 image &#40;CVE-2014-9584&#41;.\r\n \r\n The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel\r\n through 3.18.2 does not properly choose memory locations for the\r\n vDSO area, which makes it easier for local users to bypass the ASLR\r\n protection mechanism by guessing a location at the end of a PMD\r\n &#40;CVE-2014-9585&#41;.\r\n \r\n The updated packages provides a solution for these security issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6416\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6417\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6418\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 84b2f7fd994f5ed9738484492cf1f6fb mbs1/x86_64/cpupower-3.4.105-2.1.mbs1.x86_64.rpm\r\n 3b7822069fb7f64c5954038f2a352816 mbs1/x86_64/kernel-firmware-3.4.105-2.1.mbs1.noarch.rpm\r\n 137bd01930fe4bdc9d1b7f095fd3237e mbs1/x86_64/kernel-headers-3.4.105-2.1.mbs1.x86_64.rpm\r\n 66eb79923df892f0492dc8b4011e3f47 mbs1/x86_64/kernel-server-3.4.105-2.1.mbs1.x86_64.rpm\r\n 6f24362ea683103e480874c2ff93407a mbs1/x86_64/kernel-server-devel-3.4.105-2.1.mbs1.x86_64.rpm\r\n 36aee1a085a5083200a7ffbd5da543f6 mbs1/x86_64/kernel-source-3.4.105-2.mbs1.noarch.rpm\r\n 93aef55bcc1f02263e07541db93b45ce mbs1/x86_64/lib64cpupower0-3.4.105-2.1.mbs1.x86_64.rpm\r\n f73d1f80d3d0db90a63d3889b71cc60f mbs1/x86_64/lib64cpupower-devel-3.4.105-2.1.mbs1.x86_64.rpm\r\n 854eb4e04b196c33441ce932ba48dfc7 mbs1/x86_64/perf-3.4.105-2.1.mbs1.x86_64.rpm \r\n 4727802fbd1d77523b157b7fd36177ea mbs1/SRPMS/cpupower-3.4.105-2.1.mbs1.src.rpm\r\n 1f2e120416115a646e0026e6079ac9df mbs1/SRPMS/kernel-firmware-3.4.105-2.1.mbs1.src.rpm\r\n cf4f1bbc72cb9369162703efa7b5adc3 mbs1/SRPMS/kernel-headers-3.4.105-2.1.mbs1.src.rpm\r\n 145c57c74bc2346e9435284873062057 mbs1/SRPMS/kernel-server-3.4.105-2.1.mbs1.src.rpm\r\n 7154bb874ff6fd31772fa2e03fc0a186 mbs1/SRPMS/kernel-source-3.4.105-2.mbs1.src.rpm\r\n acd00535b878c07c70ac0b2680d1b9cc mbs1/SRPMS/perf-3.4.105-2.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFUuULOmqjQ0CJFipgRAmTfAJ40ZrILR8XPoduEMKuokkZuOV2rXwCg424o\r\nPM+ddh+qKQrHCeweXyb+AdU=\r\n=zMRK\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-01-18T00:00:00", "published": "2015-01-18T00:00:00", "id": "SECURITYVULNS:DOC:31621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31621", "title": "[ MDVSA-2015:027 ] kernel", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.1.3]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3032", "href": "http://linux.oracle.com/errata/ELSA-2015-3032.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "unix", "description": "[2.6.39-400.249.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3033", "href": "http://linux.oracle.com/errata/ELSA-2015-3033.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "unix", "description": "kernel-uek\n[2.6.32-400.37.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3034", "href": "http://linux.oracle.com/errata/ELSA-2015-3034.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:33", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.2.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077385] {CVE-2015-3331}\n[3.8.13-68.2.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20860817] \n- Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/core/flow.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- mm, vmstat: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- trace, ring-buffer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, coretemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- octeon, watchdog: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- oprofile, nmi-timer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- intel-idle: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- acpi-cpufreq: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, fcoe: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2i: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, hw_breakpoint.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, kvm: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, pci, amd-bus: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, hpet: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, amd, ibs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, mce: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, uncore: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, cpuid: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, msr: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- powerpc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- sparc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, smp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm, hw-breakpoint: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, err-inject: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, topology: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, palinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug: Provide lockless versions of callback registration functions (Srivatsa S. Bhat) [Orabug: 20917697] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3035", "href": "http://linux.oracle.com/errata/ELSA-2015-3035.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2016-04-01T21:57:13", "bulletinFamily": "software", "description": "#### ISSUE DESCRIPTION\nAMD CPU erratum 793 &quot;Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang&quot; describes a situation under which a CPU core may hang.\n#### IMPACT\nA malicious guest administrator can mount a denial of service attack affecting the whole system.\n#### VULNERABLE SYSTEMS\nThe vulnerability is applicable only to family 16h model 00h-0fh AMD CPUs.\nSuch CPUs running Xen versions 3.3 onwards are vulnerable. We have not checked earlier versions of Xen.\nHVM guests can always exploit the vulnerability if it is present. PV guests can exploit the vulnerability only if they have been granted access to physical device(s).\nNon-AMD CPUs are not vulnerable.\nCREDITS\nThis issue&#39;s security impact was discovered by Jan Beulich.\n", "modified": "2014-02-19T16:54:00", "published": "2013-12-02T17:13:00", "id": "XSA-82", "href": "http://xenbits.xen.org/xsa/advisory-82.html", "type": "xen", "title": "Guest triggerable AMD CPU erratum may cause host hang", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:23:18", "bulletinFamily": "unix", "description": "The Linux kernel was updated to fix bugs and security issues:\n\n Following security issues were fixed:\n - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update\n function in net/sctp/associola.c in the Linux kernel allowed remote\n attackers to cause a denial of service (slab corruption and panic) or\n possibly have unspecified other impact by triggering an INIT collision\n that leads to improper handling of shared-key data.\n\n - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the\n PCI command register of passed through cards, which could lead to Host\n system crashes.\n\n - CVE-2015-0777: The XEN usb backend could leak information to the guest\n system due to copying uninitialized memory.\n\n - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack\n randomization on 64-bit systems.\n\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel did not ensure that Thread Local Storage (TLS)\n descriptors are loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection mechanism via a\n crafted application that reads a TLS base address.\n\n - CVE-2014-9428: The batadv_frag_merge_packets function in\n net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the\n Linux kernel used an incorrect length field during a calculation of an\n amount of memory, which allowed remote attackers to cause a denial of\n service (mesh-node system crash) via fragmented packets.\n\n - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during handling of certain\n iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,\n which allowed remote attackers to bypass intended access restrictions\n via packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key.\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service\n (infinite loop, and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value in\n the Extensions Reference (ER) System Use Field, which allowed local\n users to obtain sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO area,\n which made it easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and system\n hang) via a crafted application.\n\n - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c\n in the Linux kernel used an improper paravirt_enabled setting for KVM\n guest kernels, which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that reads a 16-bit\n value.\n\n Following bugs were fixed:\n - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource()\n change (bnc#922542).\n\n - cifs: fix use-after-free bug in find_writable_file (bnc#909477).\n\n - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581).\n\n - fuse: honour max_read and max_write in direct_io mode (bnc#918954).\n\n - switch iov_iter_get_pages() to passing maximal number of pages\n (bnc#918954).\n\n - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440).\n Updated because another version went upstream\n\n - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970).\n\n - NFS: Don't try to reclaim delegation open state if recovery failed\n (boo#909634).\n - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are\n revoked (boo#909634).\n - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation\n return (boo#909634).\n - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired\n (boo#909634).\n - Fixing lease renewal (boo#909634).\n\n - bcache: Fix a bug when detaching (bsc#908582).\n\n - fix a leak in bch_cached_dev_run() (bnc#910440).\n - bcache: unregister reboot notifier when bcache fails to register a block\n device (bnc#910440).\n - bcache: fix a livelock in btree lock (bnc#910440).\n - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bnc#910440).\n - bcache: Add a cond_resched() call to gc (bnc#910440).\n\n - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).\n\n - ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608).\n - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode\n (boo#916608).\n - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get\n (boo#916608).\n - ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604).\n - ALSA: hda - Fix regression of HD-audio controller fallback modes\n (bsc#921313).\n\n - [media] sound: Update au0828 quirks table (boo#916608).\n - [media] sound: simplify au0828 quirk table (boo#916608).\n\n - ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210\n (boo#916608).\n - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC (boo#916608).\n - ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices\n (boo#916608).\n - ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608).\n - ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect\n (boo#916608).\n\n - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda (boo#916608).\n - ALSA: hda - Fix wrong gpio_dir &amp; gpio_mask hint setups for IDT/STAC\n codecs (boo#916608).\n - ALSA: hda/realtek - New codec support for ALC298 (boo#916608).\n - ALSA: hda/realtek - New codec support for ALC256 (boo#916608).\n - ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset mode\n (boo#916608).\n - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608).\n - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210\n (boo#916608).\n - ALSA: hda/realtek - Add headset Mic support for new Dell machine\n (boo#916608).\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (boo#916608).\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (boo#916608).\n - ALSA: hda - add codec ID for Braswell display audio codec (boo#916608).\n - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).\n - ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212) (boo#916608).\n\n - ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858).\n\n - rpm/kernel-binary.spec.in: Fix build if there is no *.crt file\n\n - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process\n being killed (VM Functionality bnc#910150).\n\n - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by\n mount (bsc#907988).\n\n - Btrfs: fix scrub race leading to use-after-free (bnc#915456).\n - Btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).\n - Btrfs: fix fsync log replay for inodes with a mix of regular refs and\n extrefs (bnc#915425).\n - Btrfs: fix fsync when extend references are added to an inode\n (bnc#915425).\n - Btrfs: fix directory inconsistency after fsync log replay (bnc#915425).\n - Btrfs: make xattr replace operations atomic (bnc#913466).\n - Btrfs: fix directory recovery from fsync log (bnc#895797).\n\n - bcache: add mutex lock for bch_is_open (bnc#908612).\n - bcache: Correct printing of btree_gc_max_duration_ms (bnc#908610).\n - bcache: fix crash with incomplete cache set (bnc#908608).\n - bcache: fix memory corruption in init error path (bnc#908606).\n - bcache: Fix more early shutdown bugs (bnc#908605).\n - bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604).\n - bcache: Fix an infinite loop in journal replay (bnc#908603).\n - bcache: fix typo in bch_bkey_equal_header (bnc#908598).\n - bcache: Make sure to pass GFP_WAIT to mempool_alloc() (bnc#908596).\n - bcache: fix crash on shutdown in passthrough mode (bnc#908594).\n - bcache: fix lockdep warnings on shutdown (bnc#908593).\n - bcache allocator: send discards with correct size (bnc#908592).\n - bcache: Fix to remove the rcu_sched stalls (bnc#908589).\n - bcache: Fix a journal replay bug (bnc#908588).\n\n - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The nct6683 driver\n is already enabled on i386 and history suggests that it not being\n enabled on x86_64 is by mistake.\n\n - rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n\n - Revert &quot;iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate&quot;\n (bnc#900811).\n\n - mm: free compound page with correct order (bnc#913695).\n\n - drm/i915: More cautious with pch fifo underruns (boo#907039).\n\n - Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge\n support)\n\n - x86/microcode/intel: Fish out the stashed microcode for the BSP\n (bsc#903589).\n - x86, microcode: Reload microcode on resume (bsc#903589).\n - x86, microcode: Don't initialize microcode code on paravirt (bsc#903589).\n - x86, microcode, intel: Drop unused parameter (bsc#903589).\n - x86, microcode, AMD: Do not use smp_processor_id() in preemtible context\n (bsc#903589).\n - x86, microcode: Update BSPs microcode on resume (bsc#903589).\n - x86, microcode, AMD: Fix ucode patch stashing on 32-bit (bsc#903589).\n - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit (bsc#903589).\n - x86, microcode, AMD: Fix early ucode loading on 32-bit (bsc#903589).\n\n - Bluetooth: Add support for Broadcom BCM20702A0 variants firmware\n download (bnc#911311).\n\n - drm/radeon: fix sad_count check for dce3 (bnc#911356).\n\n - drm/i915: Don't call intel_prepare_page_flip() multiple times\n on gen2-4 (bnc#911835).\n\n - udf: Check component length before reading it.\n - udf: Check path length when reading symlink.\n - udf: Verify symlink size before loading it.\n - udf: Verify i_size when loading inode.\n\n - arm64: Enable DRM\n\n - arm64: Enable generic PHB driver (bnc#912061).\n\n - ACPI / video: Add some Samsung models to disable_native_backlight list\n (boo#905681).\n\n - asus-nb-wmi: Add another wapf=4 quirk (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438).\n - asus-nb-wmi: Constify asus_quirks DMI table (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438).\n - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).\n - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438).\n - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438).\n\n - Input: synaptics - gate forcepad support by DMI check (bnc#911578).\n\n - ext4: introduce aging to extent status tree (bnc#893428).\n - ext4: cleanup flag definitions for extent status tree (bnc#893428).\n - ext4: limit number of scanned extents in status tree shrinker\n (bnc#893428).\n - ext4: move handling of list of shrinkable inodes into extent status code\n (bnc#893428).\n - ext4: change LRU to round-robin in extent status tree shrinker\n (bnc#893428).\n - ext4: cache extent hole in extent status tree for ext4_da_map_blocks()\n (bnc#893428).\n - ext4: fix block reservation for bigalloc filesystems (bnc#893428).\n - ext4: track extent status tree shrinker delay statictics (bnc#893428).\n - ext4: improve extents status tree trace point (bnc#893428).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft\n packages (bnc#901925)\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot cert in\n /etc/uefi/certs\n\n - doc/README.SUSE: update Solid Driver team contacts\n\n - rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199)\n\n - Port module signing changes from SLE11-SP3 (fate#314508)\n\n - doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document\n after installation.\n\n", "modified": "2015-04-13T14:04:48", "published": "2015-04-13T14:04:48", "id": "OPENSUSE-SU-2015:0713-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00008.html", "title": "Security update for Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:18", "bulletinFamily": "unix", "description": "The Linux kernel was updated to fix various bugs and security issues.\n\n Following security issues were fixed:\n - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the\n Linux kernels madvise MADV_WILLNEED functionality handled page table\n locking. A local, unprivileged user could have used this flaw to crash\n the system.\n\n - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack\n randomization on 64-bit systems.\n\n - CVE-2014-7822: A flaw was found in the way the Linux kernels splice()\n system call validated its parameters. On certain file systems, a local,\n unprivileged user could have used this flaw to write past the maximum\n file size, and thus crash the system.\n\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel did not ensure that Thread Local Storage (TLS)\n descriptors are loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection mechanism via a\n crafted application that reads a TLS base address.\n\n - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c\n in the Linux kernel used an improper paravirt_enabled setting for KVM\n guest kernels, which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that reads a 16-bit\n value.\n\n - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during handling of certain\n iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,\n which allowed remote attackers to bypass intended access restrictions\n via packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and system\n hang) via a crafted application.\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service\n (infinite loop, and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value in\n the Extensions Reference (ER) System Use Field, which allowed local\n users to obtain sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO area,\n which made it easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n Following bugs were fixed:\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103\n (bnc#920901).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f\n (bnc#920901).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b\n (bnc#920901).\n - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901).\n - HID: usbhid: fix PIXART optical mouse (bnc#920901).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901).\n - HID: usbhid: add always-poll quirk (bnc#920901).\n\n - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).\n\n - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process\n being killed (VM Functionality bnc#910150).\n\n - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by\n mount (bsc#907988).\n\n - DocBook: Do not exceed argument list limit.\n - DocBook: Make mandocs parallel-safe.\n\n - mm: free compound page with correct order (bnc#913695).\n\n - udf: Check component length before reading it.\n - udf: Check path length when reading symlink.\n - udf: Verify symlink size before loading it.\n - udf: Verify i_size when loading inode.\n\n - xfs: remote attribute overwrite causes transaction overrun.\n\n", "modified": "2015-04-13T14:17:21", "published": "2015-04-13T14:17:21", "id": "OPENSUSE-SU-2015:0714-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:54", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. (CVE-2015-1805,\nImportant)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A flaw was found in the way the Linux kernel's 32-bit emulation\nimplementation handled forking or closing of a task with an 'int80' entry.\nA local user could potentially use this flaw to escalate their privileges\non the system. (CVE-2015-2830, Low)\n\n* It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\n* A flaw was found in the way the nft_flush_table() function of the Linux\nkernel's netfilter tables implementation flushed rules that were\nreferencing deleted chains. A local user who has the CAP_NET_ADMIN\ncapability could use this flaw to crash the system. (CVE-2015-1573, Low)\n\n* An integer overflow flaw was found in the way the Linux kernel randomized\nthe stack for processes on certain 64-bit architecture systems, such as\nx86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,\nLow)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420\nand CVE-2014-9584. The security impact of the CVE-2015-1805 issue was\ndiscovered by Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the following Knowledgebase article:\nhttps://access.redhat.com/articles/1469163\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2018-04-12T03:33:05", "published": "2015-06-23T04:00:00", "id": "RHSA-2015:1137", "href": "https://access.redhat.com/errata/RHSA-2015:1137", "type": "redhat", "title": "(RHSA-2015:1137) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. (CVE-2015-1805,\nImportant)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A flaw was found in the way the Linux kernel's 32-bit emulation\nimplementation handled forking or closing of a task with an 'int80' entry.\nA local user could potentially use this flaw to escalate their privileges\non the system. (CVE-2015-2830, Low)\n\n* It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\n* A flaw was found in the way the nft_flush_table() function of the Linux\nkernel's netfilter tables implementation flushed rules that were\nreferencing deleted chains. A local user who has the CAP_NET_ADMIN\ncapability could use this flaw to crash the system. (CVE-2015-1573, Low)\n\n* An integer overflow flaw was found in the way the Linux kernel randomized\nthe stack for processes on certain 64-bit architecture systems, such as\nx86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,\nLow)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420\nand CVE-2014-9584. The security impact of CVE-2015-1805 was discovered by\nRed Hat.\n\nThis update provides a build of the kernel-rt package for Red Hat\nEnterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and\nfixes the following issues:\n\n* storvsc: get rid of overly verbose warning messages\n* storvsc: force discovery of LUNs that may have been removed\n* storvsc: in responce to a scan event, scan the hos\n* storvsc: NULL pointer dereference fix\n* futex: Mention key referencing differences between shared and private\nfutexes\n* futex: Ensure get_futex_key_refs() always implies a barrier\n* kernel module: set nx before marking module MODULE_STATE_COMING\n* kernel module: Clean up ro/nx after early module load failures\n* btrfs: make xattr replace operations atomic\n* megaraid_sas: revert: Add release date and update driver version\n* radeon: fix kernel segfault in hwmonitor\n\n(BZ#1223077)\n\nBug fix:\n\n* There is an XFS optimization that depended on a spinlock to disable\npreemption using the preempt_disable() function. When CONFIG_PREEMPT_RT is\nenabled on realtime kernels, spinlocks do not disable preemption while\nheld, so the XFS critical section was not protected from preemption.\nSystems on the Realtime kernel-rt could lock up in this XFS optimization\nwhen a task that locked all the counters was then preempted by a realtime\ntask, causing all callers of that lock to block indefinitely. This update\ndisables the optimization when building a kernel with\nCONFIG_PREEMPT_RT_FULL enabled. (BZ#1217849)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. The system must be\nrebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:29", "published": "2015-06-23T04:00:00", "id": "RHSA-2015:1138", "href": "https://access.redhat.com/errata/RHSA-2015:1138", "type": "redhat", "title": "(RHSA-2015:1138) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-06-06T20:24:17", "published": "2015-04-21T04:00:00", "id": "RHSA-2015:0864", "href": "https://access.redhat.com/errata/RHSA-2015:0864", "type": "redhat", "title": "(RHSA-2015:0864) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. (CVE-2015-1805,\nImportant)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A flaw was found in the way the Linux kernel's 32-bit emulation\nimplementation handled forking or closing of a task with an 'int80' entry.\nA local user could potentially use this flaw to escalate their privileges\non the system. (CVE-2015-2830, Low)\n\n* It was found that the Linux kernel's ISO file system implementation did\nnot correctly limit the traversal of Rock Ridge extension Continuation\nEntries (CE). An attacker with physical access to the system could use this\nflaw to trigger an infinite loop in the kernel, resulting in a denial of\nservice. (CVE-2014-9420, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\n* A flaw was found in the way the nft_flush_table() function of the Linux\nkernel's netfilter tables implementation flushed rules that were\nreferencing deleted chains. A local user who has the CAP_NET_ADMIN\ncapability could use this flaw to crash the system. (CVE-2015-1573, Low)\n\n* An integer overflow flaw was found in the way the Linux kernel randomized\nthe stack for processes on certain 64-bit architecture systems, such as\nx86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,\nLow)\n\nRed Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420\nand CVE-2014-9584. The security impact of CVE-2015-1805 was discovered by\nRed Hat.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.7.2, which\nprovides a number of bug fixes and enhancements over the previous version,\nincluding:\n\n* storvsc: get rid of overly verbose warning messages\n* storvsc: force discovery of LUNs that may have been removed\n* storvsc: in responce to a scan event, scan the hos\n* storvsc: NULL pointer dereference fix\n* futex: Mention key referencing differences between shared and private\nfutexes\n* futex: Ensure get_futex_key_refs() always implies a barrier\n* kernel module: set nx before marking module MODULE_STATE_COMING\n* kernel module: Clean up ro/nx after early module load failures\n* btrfs: make xattr replace operations atomic\n* megaraid_sas: revert: Add release date and update driver version\n* radeon: fix kernel segfault in hwmonitor\n\n(BZ#1223955)\n\nBug fix:\n\n* There is an XFS optimization that depended on a spinlock to disable\npreemption using the preempt_disable() function. When CONFIG_PREEMPT_RT is\nenabled on realtime kernels, spinlocks do not disable preemption while\nheld, so the XFS critical section was not protected from preemption.\nSystems on the Realtime kernel-rt could lock up in this XFS optimization\nwhen a task that locked all the counters was then preempted by a realtime\ntask, causing all callers of that lock to block indefinitely. This update\ndisables the optimization when building a kernel with\nCONFIG_PREEMPT_RT_FULL enabled. (BZ#1223955)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. The system must be\nrebooted for this update to take effect.", "modified": "2018-03-19T16:29:50", "published": "2015-05-20T14:22:57", "id": "RHSA-2015:1139", "href": "https://access.redhat.com/errata/RHSA-2015:1139", "type": "redhat", "title": "(RHSA-2015:1139) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}