nessus | This script is Copyright (C) 2010-2021 Tenable Network Security, Inc. | FEDORA_2010-14832.NASL
History: Sep 22, 2010 - 12:00 a.m.

Fedora 14 : kernel-2.6.35.4-28.fc14 (2010-14832)

2010-09-22 00:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
10

Fix possible local privilege escalation on x86_64 systems (CVE-2010-3081, CVE-2010-3301).

  • NOTE: All users should update because of this bug.

  • Fix denial of service attack with large argument lists.

  • Add support for perl and python scripting to perf.

  • Nouveau video driver fixes:

    • fix oops in acpi edid support

    • disable acceleration on nva3/nva5/nva8

    • misc fixes from upstream + NVAF support

  • Add support for the eject key on the Dell Studio 1555.

  • Fix rcu_dereference_check warning.

  • Restore appleir driver that got lost in the 2.6.35 rebase.

  • Fix DMA in via-velocity network driver.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-14832.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration. When the scanner loads the script with `description`
# set, only this block runs: it declares the plugin's identity, references,
# severity metadata and prerequisites, then exits before any host check.
if (description)
{
  script_id(49635);
  script_version("1.25");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # Six CVEs are attached to this plugin, but the advisory text below names
  # only CVE-2010-3081 and CVE-2010-3301. The other four are not described
  # here; look them up individually when triaging a finding.
  script_cve_id("CVE-2010-2954", "CVE-2010-2960", "CVE-2010-3067", "CVE-2010-3080", "CVE-2010-3081", "CVE-2010-3301");
  script_bugtraq_id(42900, 42932, 43062, 43239, 43353, 43355);
  script_xref(name:"FEDORA", value:"2010-14832");

  script_name(english:"Fedora 14 : kernel-2.6.35.4-28.fc14 (2010-14832)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  # The description is the Fedora advisory text as extracted by Tenable; the
  # list structure was flattened by that extraction (see the closing note
  # inside the string itself).
  script_set_attribute(
    attribute:"description", 
    value:
"Fix possible local privilege escalation on x86_64 systems
(CVE-2010-3081, CVE-2010-3301).

  - NOTE: All users should update because of this bug. Fix
    denial of service attack with large argument lists. Add
    support for perl and python scripting to perf. Nouveau
    video driver fixes :

  - fix oops in acpi edid support

    - disable acceleration on nva3/nva5/nva8

    - misc fixes from upstream + NVAF support Add support
      for the eject key on the Dell Studio 1555 fix
      rcu_dereference_check warning Restore appleir driver
      that got lost in the 2.6.35 rebase. Fix DMA in
      via-velocity network driver.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # Red Hat Bugzilla entries referenced by the advisory.
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=627440"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=629441"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=630551"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=634449"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=634457"
  );
  # The shortened nessus.org link below stands for this package-announce post:
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/048013.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9ae7c1bc"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel package."
  );
  # CVSS v2 base vector: local access (AV:L), low complexity (AC:L), no
  # authentication (Au:N), complete confidentiality / integrity /
  # availability impact (C:C/I:C/A:C).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal vector: proof-of-concept exploit code (E:POC), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  # NOTE(review): the temporal vector rates exploit maturity as
  # proof-of-concept, while the attributes below record exploit-framework
  # coverage and use by malware. Prioritise remediation on the attributes,
  # not on the temporal score alone.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  # "local" plugin type: the check works from data gathered on the host
  # (see the required KB keys below), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency and three KB
  # keys are required. Presumably the scanner does not run this plugin when
  # any key is missing, i.e. when no credentialed host data was collected, so
  # the absence of a finding from an uncredentialed scan says nothing about
  # the host's patch state (confirm against scanner documentation).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  # Registration ends here; the check logic further down is never reached
  # in description mode.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Host check: decide from knowledge-base (KB) data whether a Fedora 14 host
# carries a kernel package older than the fixed build, and report it.
# audit() comes from audit.inc (not shown here); presumably each call records
# the reason and ends the plugin, so the gates below run in strict order.

# Gate 1: local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the release string must mention Fedora (`>!<` = "is not a
# substring of").
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Gate 3: extract the numeric release and require exactly 14. The trailing
# ([^0-9]|$) keeps a longer number that merely starts with "14" from matching.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

# Gate 4: the installed-package list must be present in the KB.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 5: only x86_64 and i386..i686 are handled; any other architecture is
# audited as "not implemented". The advisory text singles out x86_64 for the
# privilege-escalation fix, but the same package check is applied to both
# architecture families here.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# Compare the host's kernel package against the fixed build. rpm_check() is
# defined in rpm.inc (not shown); presumably it returns true when an installed
# kernel package is older than the reference.
# NOTE(review): nothing visible in this script reads the running kernel
# version; the decision rests on the package list. A host that installed the
# update but has not rebooted may still be running the old kernel and pass
# this check, and an old kernel package left installed beside the fixed one
# may be reported. Confirm the booted kernel separately when triaging.
flag = 0;
if (rpm_check(release:"FC14", reference:"kernel-2.6.35.4-28.fc14")) flag++;


if (flag)
{
  # Vulnerable package found: raise the finding on port 0, attaching the rpm
  # comparison report when report verbosity is above zero.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # No finding: distinguish "kernel package was tested and is not affected"
  # from "no kernel package was found to test".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}