Fix possible local privilege escalation on x86_64 systems (CVE-2010-3081, CVE-2010-3301).
NOTE: All users should update because of this bug. Fix denial of service attack with large argument lists. Add support for perl and python scripting to perf. Nouveau video driver fixes:
fix oops in acpi edid support
disable acceleration on nva3/nva5/nva8
misc fixes from upstream + NVAF support. Add support for the eject key on the Dell Studio 1555. Fix rcu_dereference_check warning. Restore appleir driver that got lost in the 2.6.35 rebase. Fix DMA in via-velocity network driver.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-14832.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: runs only when `description` is truthy. It declares the
# plugin's metadata (IDs, references, risk scoring, prerequisites) and ends
# with exit(0), so none of the package-check logic after this block runs on
# that pass.
if (description)
{
script_id(49635);
script_version("1.25");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
# Six CVEs are attached to this one kernel update. The advisory text below
# names only CVE-2010-3081 and CVE-2010-3301 explicitly; the others are
# covered by the same fixed package.
script_cve_id("CVE-2010-2954", "CVE-2010-2960", "CVE-2010-3067", "CVE-2010-3080", "CVE-2010-3081", "CVE-2010-3301");
script_bugtraq_id(42900, 42932, 43062, 43239, 43353, 43355);
script_xref(name:"FEDORA", value:"2010-14832");
script_name(english:"Fedora 14 : kernel-2.6.35.4-28.fc14 (2010-14832)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# Description text is carried over from the Fedora advisory (see the closing
# sentence inside the string); it mixes security fixes with unrelated driver
# and feature changes shipped in the same build.
script_set_attribute(
attribute:"description",
value:
"Fix possible local privilege escalation on x86_64 systems
(CVE-2010-3081, CVE-2010-3301).
- NOTE: All users should update because of this bug. Fix
denial of service attack with large argument lists. Add
support for perl and python scripting to perf. Nouveau
video driver fixes :
- fix oops in acpi edid support
- disable acceleration on nva3/nva5/nva8
- misc fixes from upstream + NVAF support Add support
for the eject key on the Dell Studio 1555 fix
rcu_dereference_check warning Restore appleir driver
that got lost in the 2.6.35 rebase. Fix DMA in
via-velocity network driver.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# Red Hat Bugzilla entries referenced by the advisory, one see_also per bug.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=627440"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=628770"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=629441"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=630551"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=634449"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=634457"
);
# Shortened link below; the comment records the full package-announce URL it
# stands for.
# https://lists.fedoraproject.org/pipermail/package-announce/2010-September/048013.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?9ae7c1bc"
);
# Remediation is the package update alone. NOTE(review): the text does not
# mention rebooting into the new kernel; operators should confirm the running
# kernel after updating.
script_set_attribute(
attribute:"solution",
value:"Update the affected kernel package."
);
# CVSS v2 base vector: local access (AV:L), low complexity (AC:L), no
# authentication (Au:N), complete impact on confidentiality, integrity and
# availability (C:C/I:C/A:C).
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
# Temporal vector: proof-of-concept exploit code (E:POC), official fix
# available (RL:OF), report confirmed (RC:C).
# NOTE(review): E:POC reads weaker than the attributes just below, which
# record available exploits, exploit-framework coverage and use by malware.
# For prioritisation, go by those attributes rather than the temporal score.
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
# "local" plugin type: the result comes from data collected on the host, not
# from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
script_set_attribute(attribute:"patch_publication_date", value:"2010/09/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/22");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
# Prerequisites: ssh_get_info.nasl must run first, and the three Host/* KB
# keys must exist. Presumably ssh_get_info.nasl is what populates them over
# an authenticated session; confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase. Every decision below is made from knowledge-base (KB) items
# gathered earlier in the scan; the script issues no commands of its own here.
# Each audit() call is a terminal "not applicable / not affected" outcome.

# Precondition: authenticated local checks must have succeeded.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must exist and identify the host as Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Pull the numeric release out of the string and require exactly Fedora 14.
# The trailing ([^0-9]|$) keeps "14" from matching as a prefix of a longer
# number.
rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(rel_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
fedora_ver = rel_match[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:fedora_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + fedora_ver);
}

# Without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Only x86_64 and i386..i686 are handled; any other architecture is reported
# as not implemented instead of being silently treated as clean.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# A truthy rpm_check() result is what raises the finding. Presumably it means
# an installed kernel package is older than the reference build; confirm in
# rpm.inc.
# NOTE(review): this is a package-inventory check only. Nothing here reads the
# running kernel version, so a host that installed the update but has not yet
# rebooted would report clean while presumably still running the old kernel.
# Verify the booted kernel separately.
if (rpm_check(release:"FC14", reference:"kernel-2.6.35.4-28.fc14"))
{
  # Attach the package comparison report when verbosity allows it.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}

# No finding: say whether packages were examined and found unaffected, or
# whether the kernel package was not found at all.
checked_pkgs = pkg_tests_get();
if (checked_pkgs)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version |
---|---|---|
fedoraproject | fedora | kernel |
fedoraproject | fedora | 14 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3301
www.nessus.org/u?9ae7c1bc
bugzilla.redhat.com/show_bug.cgi?id=627440
bugzilla.redhat.com/show_bug.cgi?id=628770
bugzilla.redhat.com/show_bug.cgi?id=629441
bugzilla.redhat.com/show_bug.cgi?id=630551
bugzilla.redhat.com/show_bug.cgi?id=634449
bugzilla.redhat.com/show_bug.cgi?id=634457