ID FEDORA_2013-21822.NASL Type nessus Reporter This script is Copyright (C) 2013-2021 Tenable Network Security, Inc. Modified 2013-12-01T00:00:00
Description
The stable 3.11.9 update contains a number of important fixes across
the tree. The 3.11.8 stable update contains a number of important
fixes across the tree.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-21822.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(71142);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2013-4563");
script_xref(name:"FEDORA", value:"2013-21822");
script_name(english:"Fedora 18 : kernel-3.11.9-100.fc18 (2013-21822)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The stable 3.11.9 update contains a number of important fixes across
the tree. The 3.11.8 stable update contains a number of important
fixes across the tree.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030015"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122913.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?c8eae3e4"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kernel package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
script_set_attribute(attribute:"patch_publication_date", value:"2013/11/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC18", reference:"kernel-3.11.9-100.fc18")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
{"id": "FEDORA_2013-21822.NASL", "bulletinFamily": "scanner", "title": "Fedora 18 : kernel-3.11.9-100.fc18 (2013-21822)", "description": "The stable 3.11.9 update contains a number of important fixes across\nthe tree. The 3.11.8 stable update contains a number of important\nfixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2013-12-01T00:00:00", "modified": "2013-12-01T00:00:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/71142", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?c8eae3e4", "https://bugzilla.redhat.com/show_bug.cgi?id=1030015"], "cvelist": ["CVE-2013-4563"], "type": "nessus", "lastseen": "2021-01-12T10:11:21", "edition": 13, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4563"]}, {"type": "fedora", "idList": ["FEDORA:1DA3D221C6", "FEDORA:6315E21421", "FEDORA:30991220A7", "FEDORA:56A5821917", "FEDORA:E6C59213CA", "FEDORA:9FA6021249", "FEDORA:6A93C20D15", "FEDORA:1317A20FE4", "FEDORA:30C5820E79", "FEDORA:936A4223EA"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2113-1.NASL", "OPENSUSE-2014-114.NASL", "EULEROS_SA-2019-1475.NASL", "FEDORA_2013-21967.NASL", "FEDORA_2013-21807.NASL", "EULEROS_SA-2019-1500.NASL", "UBUNTU_USN-2117-1.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:850565", "OPENVAS:841715", "OPENVAS:1361412562310841725", "OPENVAS:867089", "OPENVAS:1361412562310850565", "OPENVAS:1361412562311220191475", "OPENVAS:1361412562311220191500", "OPENVAS:841725", "OPENVAS:1361412562310867089", "OPENVAS:1361412562310841715"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0205-1"]}, {"type": "ubuntu", "idList": ["USN-2113-1", "USN-2117-1"]}], "modified": "2021-01-12T10:11:21", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2021-01-12T10:11:21", "rev": 2}, "vulnersScore": 4.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-21822.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71142);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4563\");\n script_xref(name:\"FEDORA\", value:\"2013-21822\");\n\n script_name(english:\"Fedora 18 : kernel-3.11.9-100.fc18 (2013-21822)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The stable 3.11.9 update contains a number of important fixes across\nthe tree. The 3.11.8 stable update contains a number of important\nfixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1030015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122913.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8eae3e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.11.9-100.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "71142", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:kernel"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:52:45", "description": "The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.", "edition": 5, "cvss3": {}, "published": "2013-11-20T13:19:00", "title": "CVE-2013-4563", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4563"], "modified": "2014-03-06T04:47:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.10.17", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.10.18", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.10.14", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.9.11", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.11.7", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.10.16", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.10.13", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.10.15", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-4563", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4563", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4563"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-11-24T23:48:14", "published": "2013-11-24T23:48:14", "id": "FEDORA:6315E21421", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kernel-3.11.9-300.fc20", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-11-24T03:49:23", "published": "2013-11-24T03:49:23", "id": "FEDORA:56A5821917", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.11.9-200.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-12-07T06:58:32", "published": "2013-12-07T06:58:32", "id": "FEDORA:1317A20FE4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.11.10-200.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-12-21T02:15:01", "published": "2013-12-21T02:15:01", "id": "FEDORA:30991220A7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.12.5-200.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405", "CVE-2014-1438", "CVE-2014-1446"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-01-20T03:04:41", "published": "2014-01-20T03:04:41", "id": "FEDORA:30C5820E79", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.12.8-200.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-01-14T08:35:05", "published": "2014-01-14T08:35:05", "id": "FEDORA:936A4223EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.12.7-200.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405", "CVE-2014-0069", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874", "CVE-2014-2039"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-03-01T14:05:05", "published": "2014-03-01T14:05:05", "id": "FEDORA:1DA3D221C6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.13.5-101.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405", "CVE-2014-0069", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-02-17T21:02:31", "published": "2014-02-17T21:02:31", "id": "FEDORA:E6C59213CA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.12.11-201.fc19", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405", "CVE-2014-0049", "CVE-2014-0069", "CVE-2014-0100", "CVE-2014-0101", "CVE-2014-0102", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874", "CVE-2014-2039"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-03-09T04:38:45", "published": "2014-03-09T04:38:45", "id": "FEDORA:6A93C20D15", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.13.5-103.fc19", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2891", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2894", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4254", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-6405", "CVE-2014-0049", "CVE-2014-0069", "CVE-2014-0100", "CVE-2014-0101", "CVE-2014-0102", "CVE-2014-0131", "CVE-2014-1438", "CVE-2014-1446", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2309", "CVE-2014-2523"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2014-03-28T03:18:14", "published": "2014-03-28T03:18:14", "id": "FEDORA:9FA6021249", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kernel-3.13.7-100.fc19", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:11:21", "description": "The stable 3.11.9 update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-11-25T00:00:00", "title": "Fedora 20 : kernel-3.11.9-300.fc20 (2013-21967)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4563"], "modified": "2013-11-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-21967.NASL", "href": "https://www.tenable.com/plugins/nessus/71068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-21967.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71068);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4563\");\n script_bugtraq_id(63702);\n script_xref(name:\"FEDORA\", value:\"2013-21967\");\n\n script_name(english:\"Fedora 20 : kernel-3.11.9-300.fc20 (2013-21967)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The stable 3.11.9 update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1030015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122652.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6e8deb6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.11.9-300.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:11:21", "description": "The stable 3.11.9 update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-11-25T00:00:00", "title": "Fedora 19 : kernel-3.11.9-200.fc19 (2013-21807)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4563"], "modified": "2013-11-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-21807.NASL", "href": "https://www.tenable.com/plugins/nessus/71067", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-21807.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71067);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4563\");\n script_bugtraq_id(63702);\n script_xref(name:\"FEDORA\", value:\"2013-21807\");\n\n script_name(english:\"Fedora 19 : kernel-3.11.9-200.fc19 (2013-21807)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The stable 3.11.9 update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1030015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09a46d77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.11.9-200.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:27:18", "description": "The Linux Kernel was updated to version 3.11.10, fixing security\nissues and bugs :\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).\n\n - HID: usbhid: fix sis quirk (bnc#859804).\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes\n\n - HID: usbhid: quirk for Synaptics Quad HD touchscreen\n (bnc#859804).\n\n - HID: usbhid: quirk for Synaptics HD touchscreen\n (bnc#859804).\n\n - HID: usbhid: merge the sis quirk (bnc#859804).\n\n - HID: hid-multitouch: add support for SiS panels\n (bnc#859804).\n\n - HID: usbhid: quirk for SiS Touchscreen (bnc#859804).\n\n - HID: usbhid: quirk for Synaptics Large Touchccreen\n (bnc#859804).\n\n - drivers: net: cpsw: fix dt probe for one port ethernet.\n\n - drivers: net: cpsw: fix for cpsw crash when build as\n modules.\n\n - dma: edma: Remove limits on number of slots.\n\n - dma: edma: Leave linked to Null slot instead of DUMMY\n slot.\n\n - dma: edma: Find missed events and issue them.\n\n - dma: edma: Write out and handle MAX_NR_SG at a given\n time.\n\n - dma: edma: Setup parameters to DMA MAX_NR_SG at a time.\n\n - ARM: edma: Add function to manually trigger an EDMA\n channel.\n\n - ARM: edma: Fix clearing of unused list for DT DMA\n resources.\n\n - ACPI: Add Toshiba NB100 to Vista _OSI blacklist.\n\n - ACPI: add missing win8 OSI comment to blacklist\n (bnc#856294).\n\n - ACPI: update win8 OSI blacklist.\n\n - ACPI: blacklist win8 OSI for buggy laptops.\n\n - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A\n (bnc#856294).\n\n - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models\n (bnc#856294).\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - ping: prevent NULL pointer dereference on write to\n msg_name (bnc#854175 CVE-2013-6432).\n\n - x86/dumpstack: Fix printk_address for direct addresses\n (bnc#845621).\n\n - Refresh patches.suse/stack-unwind.\n\n - Refresh patches.xen/xen-x86_64-dump-user-pgt.\n\n - KVM: x86: Convert vapic synchronization to _cached\n functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).\n\n - KVM: x86: fix guest-initiated crash with x2apic\n (CVE-2013-6376) (bnc#853053 CVE-2013-6376).\n\n - Build the KOTD against openSUSE:13.1:Update\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n\n - Update Xen patches to 3.11.10.\n\n - Rename patches.xen/xen-pcpu-hotplug to\n patches.xen/xen-pcpu.\n\n - KVM: x86: Fix potential divide by 0 in lapic\n (CVE-2013-6367) (bnc#853051 CVE-2013-6367).\n\n - KVM: Improve create VCPU parameter (CVE-2013-4587)\n (bnc#853050 CVE-2013-4587).\n\n - ipv6: fix headroom calculation in udp6_ufo_fragment\n (bnc#848042 CVE-2013-4563).\n\n - net: rework recvmsg handler msg_name and msg_namelen\n logic (bnc#854722).\n\n - patches.drivers/gpio-ucb1400-add-module_alias.patch:\n Update upstream reference\n\n -\n patches.drivers/gpio-ucb1400-can-be-built-as-a-module.pa\n tch: Update upstream reference\n\n - Delete patches.suse/ida-remove-warning-dump-stack.patch.\n Already included in kernel 3.11 (WARN calls dump_stack.)\n\n - xhci: Limit the spurious wakeup fix only to HP machines\n (bnc#852931).\n\n - iscsi_target: race condition on shutdown (bnc#850072).\n\n - Linux 3.11.10.\n\n - Refresh patches.xen/xen3-patch-2.6.29.\n\n - Delete\n patches.suse/btrfs-relocate-csums-properly-with-prealloc\n -extents.patch.\n\n -\n patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Ha\n swell.patch: (bnc#852931).\n\n - Build mei and mei_me as modules (bnc#852656)\n\n - Linux 3.11.9.\n\n - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).\n\n - Delete\n patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.\n\n - Delete\n patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pf\n n_range-ca.patch.\n\n - Add USB PHY support (needed to get USB and Ethernet\n working on beagle and panda boards) Add\n CONFIG_PINCTRL_SINGLE=y to be able to use Device tree\n (at least for beagle and panda boards) Add ARM SoC sound\n support Add SPI bus support Add user-space access to I2C\n and SPI\n\n -\n patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i\n rq-remapping-warning.patch: Fix forward porting, sorry.\n\n - iommu: Remove stack trace from broken irq remapping\n warning (bnc#844513).\n\n - gpio: ucb1400: Add MODULE_ALIAS.\n\n - Allow NFSv4 username mapping to work properly\n (bnc#838024).\n\n - nfs: check if gssd is running before attempting to use\n krb5i auth in SETCLIENTID call.\n\n - sunrpc: replace sunrpc_net->gssd_running flag with a\n more reliable check.\n\n - sunrpc: create a new dummy pipe for gssd to hold open.\n\n - Set CONFIG_GPIO_TWL4030 as built-in (instead of module)\n as a requirement to boot on SD card on beagleboard xM\n\n - armv6hl, armv7hl: Update config files. Set\n CONFIG_BATMAN_ADV_BLA=y as all other kernel\n configuration files have.\n\n - Update config files :\n\n - CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options\n are all enabled so why not this one.\n\n - CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support\n all other features of these pieces of hardware.\n\n - CONFIG_INTEL_POWERCLAMP=m, because this small driver\n might be useful in specific cases, and there's no\n obvious reason not to include it.\n\n - Fix a few incorrectly checked [io_]remap_pfn_range()\n calls (bnc#849021, CVE-2013-4511).\n\n - Linux 3.11.7.", "edition": 21, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kernel (openSUSE-SU-2014:0205-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0038", "CVE-2013-6432", "CVE-2013-4511", "CVE-2013-6368", "CVE-2013-4563", "CVE-2013-6367", "CVE-2013-6376", "CVE-2013-4587"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2014-114.NASL", "href": "https://www.tenable.com/plugins/nessus/75252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-114.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75252);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4511\", \"CVE-2013-4563\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6432\", \"CVE-2014-0038\");\n script_bugtraq_id(63512, 63702, 64135, 64270, 64291, 64319, 64328, 65255);\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2014:0205-1)\");\n script_summary(english:\"Check for the openSUSE-2014-114 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux Kernel was updated to version 3.11.10, fixing security\nissues and bugs :\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).\n\n - HID: usbhid: fix sis quirk (bnc#859804).\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes\n\n - HID: usbhid: quirk for Synaptics Quad HD touchscreen\n (bnc#859804).\n\n - HID: usbhid: quirk for Synaptics HD touchscreen\n (bnc#859804).\n\n - HID: usbhid: merge the sis quirk (bnc#859804).\n\n - HID: hid-multitouch: add support for SiS panels\n (bnc#859804).\n\n - HID: usbhid: quirk for SiS Touchscreen (bnc#859804).\n\n - HID: usbhid: quirk for Synaptics Large Touchccreen\n (bnc#859804).\n\n - drivers: net: cpsw: fix dt probe for one port ethernet.\n\n - drivers: net: cpsw: fix for cpsw crash when build as\n modules.\n\n - dma: edma: Remove limits on number of slots.\n\n - dma: edma: Leave linked to Null slot instead of DUMMY\n slot.\n\n - dma: edma: Find missed events and issue them.\n\n - dma: edma: Write out and handle MAX_NR_SG at a given\n time.\n\n - dma: edma: Setup parameters to DMA MAX_NR_SG at a time.\n\n - ARM: edma: Add function to manually trigger an EDMA\n channel.\n\n - ARM: edma: Fix clearing of unused list for DT DMA\n resources.\n\n - ACPI: Add Toshiba NB100 to Vista _OSI blacklist.\n\n - ACPI: add missing win8 OSI comment to blacklist\n (bnc#856294).\n\n - ACPI: update win8 OSI blacklist.\n\n - ACPI: blacklist win8 OSI for buggy laptops.\n\n - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A\n (bnc#856294).\n\n - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models\n (bnc#856294).\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - ping: prevent NULL pointer dereference on write to\n msg_name (bnc#854175 CVE-2013-6432).\n\n - x86/dumpstack: Fix printk_address for direct addresses\n (bnc#845621).\n\n - Refresh patches.suse/stack-unwind.\n\n - Refresh patches.xen/xen-x86_64-dump-user-pgt.\n\n - KVM: x86: Convert vapic synchronization to _cached\n functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).\n\n - KVM: x86: fix guest-initiated crash with x2apic\n (CVE-2013-6376) (bnc#853053 CVE-2013-6376).\n\n - Build the KOTD against openSUSE:13.1:Update\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n\n - Update Xen patches to 3.11.10.\n\n - Rename patches.xen/xen-pcpu-hotplug to\n patches.xen/xen-pcpu.\n\n - KVM: x86: Fix potential divide by 0 in lapic\n (CVE-2013-6367) (bnc#853051 CVE-2013-6367).\n\n - KVM: Improve create VCPU parameter (CVE-2013-4587)\n (bnc#853050 CVE-2013-4587).\n\n - ipv6: fix headroom calculation in udp6_ufo_fragment\n (bnc#848042 CVE-2013-4563).\n\n - net: rework recvmsg handler msg_name and msg_namelen\n logic (bnc#854722).\n\n - patches.drivers/gpio-ucb1400-add-module_alias.patch:\n Update upstream reference\n\n -\n patches.drivers/gpio-ucb1400-can-be-built-as-a-module.pa\n tch: Update upstream reference\n\n - Delete patches.suse/ida-remove-warning-dump-stack.patch.\n Already included in kernel 3.11 (WARN calls dump_stack.)\n\n - xhci: Limit the spurious wakeup fix only to HP machines\n (bnc#852931).\n\n - iscsi_target: race condition on shutdown (bnc#850072).\n\n - Linux 3.11.10.\n\n - Refresh patches.xen/xen3-patch-2.6.29.\n\n - Delete\n patches.suse/btrfs-relocate-csums-properly-with-prealloc\n -extents.patch.\n\n -\n patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Ha\n swell.patch: (bnc#852931).\n\n - Build mei and mei_me as modules (bnc#852656)\n\n - Linux 3.11.9.\n\n - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).\n\n - Delete\n patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.\n\n - Delete\n patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pf\n n_range-ca.patch.\n\n - Add USB PHY support (needed to get USB and Ethernet\n working on beagle and panda boards) Add\n CONFIG_PINCTRL_SINGLE=y to be able to use Device tree\n (at least for beagle and panda boards) Add ARM SoC sound\n support Add SPI bus support Add user-space access to I2C\n and SPI\n\n -\n patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i\n rq-remapping-warning.patch: Fix forward porting, sorry.\n\n - iommu: Remove stack trace from broken irq remapping\n warning (bnc#844513).\n\n - gpio: ucb1400: Add MODULE_ALIAS.\n\n - Allow NFSv4 username mapping to work properly\n (bnc#838024).\n\n - nfs: check if gssd is running before attempting to use\n krb5i auth in SETCLIENTID call.\n\n - sunrpc: replace sunrpc_net->gssd_running flag with a\n more reliable check.\n\n - sunrpc: create a new dummy pipe for gssd to hold open.\n\n - Set CONFIG_GPIO_TWL4030 as built-in (instead of module)\n as a requirement to boot on SD card on beagleboard xM\n\n - armv6hl, armv7hl: Update config files. Set\n CONFIG_BATMAN_ADV_BLA=y as all other kernel\n configuration files have.\n\n - Update config files :\n\n - CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options\n are all enabled so why not this one.\n\n - CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support\n all other features of these pieces of hardware.\n\n - CONFIG_INTEL_POWERCLAMP=m, because this small driver\n might be useful in specific cases, and there's no\n obvious reason not to include it.\n\n - Fix a few incorrectly checked [io_]remap_pfn_range()\n calls (bnc#849021, CVE-2013-4511).\n\n - Linux 3.11.7.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=838024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=844513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=845621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=850072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-02/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel recvmmsg Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.11.10-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.11.10-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:56:35", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2017-9076i1/4%0\n\n - It was found that the driver_override implementation in\n base/platform.c in the Linux kernel is susceptible to\n race condition when different threads are reading vs\n storing a different driver override.(CVE-2017-12146i1/4%0\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY, but does not take the\n argument and environment pointers into account, which\n allows attackers to bypass this\n limitation.(CVE-2017-1000365i1/4%0\n\n - A buffer overflow flaw was found in the way the Linux\n kernel's eCryptfs implementation decoded encrypted file\n names. A local, unprivileged user could use this flaw\n to crash the system or, potentially, escalate their\n privileges on the system.(CVE-2014-9683i1/4%0\n\n - The Linux kernel was found vulnerable to an integer\n overflow in the\n drivers/video/fbdev/uvesafb.c:uvesafb_setcmap()\n function. The vulnerability could result in local\n attackers being able to crash the kernel or potentially\n elevate privileges.(CVE-2018-13406i1/4%0\n\n - net/ceph/auth_x.c in Ceph, as used in the Linux kernel\n before 3.16.3, does not properly validate auth replies,\n which allows remote attackers to cause a denial of\n service (system crash) or possibly have unspecified\n other impact via crafted data from the IP address of a\n Ceph Monitor.(CVE-2014-6418i1/4%0\n\n - A NULL pointer dereference flaw was found in the way\n the Linux kernel's Common Internet File System (CIFS)\n implementation handled mounting of file system shares.\n A remote attacker could use this flaw to crash a client\n system that would mount a file system share from a\n malicious server.(CVE-2014-7145i1/4%0\n\n - The udp6_ufo_fragment function in\n net/ipv6/udp_offload.c in the Linux kernel through\n 3.12, when UDP Fragmentation Offload (UFO) is enabled,\n does not properly perform a certain size comparison\n before inserting a fragment header, which allows remote\n attackers to cause a denial of service (panic) via a\n large IPv6 UDP packet, as demonstrated by use of the\n Token Bucket Filter (TBF) queueing\n discipline.(CVE-2013-4563i1/4%0\n\n - The do_umount function in fs/namespace.c in the Linux\n kernel through 3.17 does not require the CAP_SYS_ADMIN\n capability for do_remount_sb calls that change the root\n filesystem to read-only, which allows local users to\n cause a denial of service (loss of writability) by\n making certain unshare system calls, clearing the /\n MNT_LOCKED flag, and making an MNT_FORCE umount system\n call.(CVE-2014-7975i1/4%0\n\n - drivers/tty/n_tty.c in the Linux kernel before 4.14.11\n allows local attackers (who are able to access pseudo\n terminals) to hang/block further usage of any pseudo\n terminal devices due to an EXTPROC versus ICANON\n confusion in TIOCINQ.(CVE-2018-18386i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12146", "CVE-2018-13406", "CVE-2014-7975", "CVE-2013-4563", "CVE-2014-6418", "CVE-2018-18386", "CVE-2014-9683", "CVE-2017-9076", "CVE-2014-7145", "CVE-2017-1000365", "CVE-2017-8890"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1500.NASL", "href": "https://www.tenable.com/plugins/nessus/124823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124823);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4563\",\n \"CVE-2014-6418\",\n \"CVE-2014-7145\",\n \"CVE-2014-7975\",\n \"CVE-2014-9683\",\n \"CVE-2017-1000365\",\n \"CVE-2017-12146\",\n \"CVE-2017-9076\",\n \"CVE-2018-13406\",\n \"CVE-2018-18386\"\n );\n script_bugtraq_id(\n 63702,\n 69867,\n 70314,\n 70393,\n 72643\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2017-9076i1/4%0\n\n - It was found that the driver_override implementation in\n base/platform.c in the Linux kernel is susceptible to\n race condition when different threads are reading vs\n storing a different driver override.(CVE-2017-12146i1/4%0\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY, but does not take the\n argument and environment pointers into account, which\n allows attackers to bypass this\n limitation.(CVE-2017-1000365i1/4%0\n\n - A buffer overflow flaw was found in the way the Linux\n kernel's eCryptfs implementation decoded encrypted file\n names. A local, unprivileged user could use this flaw\n to crash the system or, potentially, escalate their\n privileges on the system.(CVE-2014-9683i1/4%0\n\n - The Linux kernel was found vulnerable to an integer\n overflow in the\n drivers/video/fbdev/uvesafb.c:uvesafb_setcmap()\n function. The vulnerability could result in local\n attackers being able to crash the kernel or potentially\n elevate privileges.(CVE-2018-13406i1/4%0\n\n - net/ceph/auth_x.c in Ceph, as used in the Linux kernel\n before 3.16.3, does not properly validate auth replies,\n which allows remote attackers to cause a denial of\n service (system crash) or possibly have unspecified\n other impact via crafted data from the IP address of a\n Ceph Monitor.(CVE-2014-6418i1/4%0\n\n - A NULL pointer dereference flaw was found in the way\n the Linux kernel's Common Internet File System (CIFS)\n implementation handled mounting of file system shares.\n A remote attacker could use this flaw to crash a client\n system that would mount a file system share from a\n malicious server.(CVE-2014-7145i1/4%0\n\n - The udp6_ufo_fragment function in\n net/ipv6/udp_offload.c in the Linux kernel through\n 3.12, when UDP Fragmentation Offload (UFO) is enabled,\n does not properly perform a certain size comparison\n before inserting a fragment header, which allows remote\n attackers to cause a denial of service (panic) via a\n large IPv6 UDP packet, as demonstrated by use of the\n Token Bucket Filter (TBF) queueing\n discipline.(CVE-2013-4563i1/4%0\n\n - The do_umount function in fs/namespace.c in the Linux\n kernel through 3.17 does not require the CAP_SYS_ADMIN\n capability for do_remount_sb calls that change the root\n filesystem to read-only, which allows local users to\n cause a denial of service (loss of writability) by\n making certain unshare system calls, clearing the /\n MNT_LOCKED flag, and making an MNT_FORCE umount system\n call.(CVE-2014-7975i1/4%0\n\n - drivers/tty/n_tty.c in the Linux kernel before 4.14.11\n allows local attackers (who are able to access pseudo\n terminals) to hang/block further usage of any pseudo\n terminal devices due to an EXTPROC versus ICANON\n confusion in TIOCINQ.(CVE-2018-18386i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1500\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbf4f5d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13406\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:56:02", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The skb_flow_dissect function in\n net/core/flow_dissector.c in the Linux kernel through\n 3.12 allows remote attackers to cause a denial of\n service (infinite loop) via a small value in the IHL\n field of a packet with IPIP\n encapsulation.(CVE-2013-4348)\n\n - The IPv6 SCTP implementation in net/sctp/ipv6.c in the\n Linux kernel through 3.11.1 uses data structures and\n function calls that do not trigger an intended\n configuration of IPsec encryption, which allows remote\n attackers to obtain sensitive information by sniffing\n the network.(CVE-2013-4350)\n\n - net/ipv6/ip6_output.c in the Linux kernel through\n 3.11.4 does not properly determine the need for UDP\n Fragmentation Offload (UFO) processing of small packets\n after the UFO queueing of a large packet, which allows\n remote attackers to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via network traffic that\n triggers a large response packet.(CVE-2013-4387)\n\n - The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize\n certain data structures, which allows local users to\n cause a denial of service (memory corruption and system\n crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call and sends both short and long\n packets, related to the ip_ufo_append_data function in\n net/ipv4/ip_output.c and the ip6_ufo_append_data\n function in net/ipv6/ip6_output.c.(CVE-2013-4470)\n\n - Multiple integer overflows in Alchemy LCD frame-buffer\n drivers in the Linux kernel before 3.12 allow local\n users to create a read-write memory mapping for the\n entirety of kernel memory, and consequently gain\n privileges, via crafted mmap operations, related to the\n (1) au1100fb_fb_mmap function in\n drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap\n function in drivers/video/au1200fb.c.(CVE-2013-4511)\n\n - The udp6_ufo_fragment function in\n net/ipv6/udp_offload.c in the Linux kernel through\n 3.12, when UDP Fragmentation Offload (UFO) is enabled,\n does not properly perform a certain size comparison\n before inserting a fragment header, which allows remote\n attackers to cause a denial of service (panic) via a\n large IPv6 UDP packet, as demonstrated by use of the\n Token Bucket Filter (TBF) queueing\n discipline.(CVE-2013-4563)\n\n - The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the\n Linux kernel through 3.12 uses a BSSID masking approach\n to determine the set of MAC addresses on which a Wi-Fi\n device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by\n sending a series of packets to MAC addresses with\n certain bit manipulations.(CVE-2013-4579)\n\n - Array index error in the kvm_vm_ioctl_create_vcpu\n function in virt/kvm/kvm_main.c in the KVM subsystem in\n the Linux kernel through 3.12.5 allows local users to\n gain privileges via a large id value.(CVE-2013-4587)\n\n - The apic_get_tmcct function in arch/x86/kvm/lapic.c in\n the KVM subsystem in the Linux kernel through 3.12.5\n allows guest OS users to cause a denial of service\n (divide-by-zero error and host OS crash) via crafted\n modifications of the TMICT value.(CVE-2013-6367)\n\n - The KVM subsystem in the Linux kernel through 3.12.5\n allows local users to gain privileges or cause a denial\n of service (system crash) via a VAPIC synchronization\n operation involving a page-end address.(CVE-2013-6368)\n\n - The recalculate_apic_map function in\n arch/x86/kvm/lapic.c in the KVM subsystem in the Linux\n kernel through 3.12.5 allows guest OS users to cause a\n denial of service (host OS crash) via a crafted ICR\n write operation in x2apic mode.(CVE-2013-6376)\n\n - The lbs_debugfs_write function in\n drivers/net/wireless/libertas/debugfs.c in the Linux\n kernel through 3.12.1 allows local users to cause a\n denial of service (OOPS) by leveraging root privileges\n for a zero-length write operation.(CVE-2013-6378)\n\n - The aac_send_raw_srb function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 3.12.1 does not properly validate a certain\n size value, which allows local users to cause a denial\n of service (invalid pointer dereference) or possibly\n have unspecified other impact via an\n FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted\n SRB command.(CVE-2013-6380)\n\n - Multiple buffer underflows in the XFS implementation in\n the Linux kernel through 3.12.1 allow local users to\n cause a denial of service (memory corruption) or\n possibly have unspecified other impact by leveraging\n the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2)\n XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted\n length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the\n xfs_compat_attrlist_by_handle function in\n fs/xfs/xfs_ioctl32.c.(CVE-2013-6382)\n\n - The aac_compat_ioctl function in\n drivers/scsi/aacraid/linit.c in the Linux kernel before\n 3.11.8 does not require the CAP_SYS_RAWIO capability,\n which allows local users to bypass intended access\n restrictions via a crafted ioctl call.(CVE-2013-6383)\n\n - The fib6_add function in net/ipv6/ip6_fib.c in the\n Linux kernel before 3.11.5 does not properly implement\n error-code encoding, which allows local users to cause\n a denial of service (NULL pointer dereference and\n system crash) by leveraging the CAP_NET_ADMIN\n capability for an IPv6 SIOCADDRT ioctl\n call.(CVE-2013-6431)\n\n - The uio_mmap_physical function in drivers/uio/uio.c in\n the Linux kernel before 3.12 does not validate the size\n of a memory block, which allows local users to cause a\n denial of service (memory corruption) or possibly gain\n privileges via crafted mmap operations, a different\n vulnerability than CVE-2013-4511.(CVE-2013-6763)\n\n - Multiple race conditions in ipc/shm.c in the Linux\n kernel before 3.12.2 allow local users to cause a\n denial of service (use-after-free and system crash) or\n possibly have unspecified other impact via a crafted\n application that uses shmctl IPC_RMID operations in\n conjunction with other shm system calls.(CVE-2013-7026)\n\n - The ieee80211_radiotap_iterator_init function in\n net/wireless/radiotap.c in the Linux kernel before\n 3.11.7 does not check whether a frame contains any data\n outside of the header, which might allow attackers to\n cause a denial of service (buffer over-read) via a\n crafted header.(CVE-2013-7027)\n\n - The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures\n have been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and\n net/ipv6/udp.c.(CVE-2013-7263)\n\n - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call.(CVE-2013-7264)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1475)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7027", "CVE-2013-6383", "CVE-2013-6378", "CVE-2013-6431", "CVE-2013-4511", "CVE-2013-7264", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-4387", "CVE-2013-6376", "CVE-2013-4350", "CVE-2013-6380", "CVE-2013-4587", "CVE-2013-6763", "CVE-2013-4348", "CVE-2013-4470", "CVE-2013-7026"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1475.NASL", "href": "https://www.tenable.com/plugins/nessus/124799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124799);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4348\",\n \"CVE-2013-4350\",\n \"CVE-2013-4387\",\n \"CVE-2013-4470\",\n \"CVE-2013-4511\",\n \"CVE-2013-4563\",\n \"CVE-2013-4579\",\n \"CVE-2013-4587\",\n \"CVE-2013-6367\",\n \"CVE-2013-6368\",\n \"CVE-2013-6376\",\n \"CVE-2013-6378\",\n \"CVE-2013-6380\",\n \"CVE-2013-6382\",\n \"CVE-2013-6383\",\n \"CVE-2013-6431\",\n \"CVE-2013-6763\",\n \"CVE-2013-7026\",\n \"CVE-2013-7027\",\n \"CVE-2013-7263\",\n \"CVE-2013-7264\"\n );\n script_bugtraq_id(\n 62405,\n 62696,\n 63359,\n 63512,\n 63536,\n 63702,\n 63707,\n 63743,\n 63886,\n 63887,\n 63888,\n 63889,\n 64013,\n 64137,\n 64270,\n 64291,\n 64312,\n 64319,\n 64328,\n 64685,\n 64686\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1475)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The skb_flow_dissect function in\n net/core/flow_dissector.c in the Linux kernel through\n 3.12 allows remote attackers to cause a denial of\n service (infinite loop) via a small value in the IHL\n field of a packet with IPIP\n encapsulation.(CVE-2013-4348)\n\n - The IPv6 SCTP implementation in net/sctp/ipv6.c in the\n Linux kernel through 3.11.1 uses data structures and\n function calls that do not trigger an intended\n configuration of IPsec encryption, which allows remote\n attackers to obtain sensitive information by sniffing\n the network.(CVE-2013-4350)\n\n - net/ipv6/ip6_output.c in the Linux kernel through\n 3.11.4 does not properly determine the need for UDP\n Fragmentation Offload (UFO) processing of small packets\n after the UFO queueing of a large packet, which allows\n remote attackers to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via network traffic that\n triggers a large response packet.(CVE-2013-4387)\n\n - The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize\n certain data structures, which allows local users to\n cause a denial of service (memory corruption and system\n crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call and sends both short and long\n packets, related to the ip_ufo_append_data function in\n net/ipv4/ip_output.c and the ip6_ufo_append_data\n function in net/ipv6/ip6_output.c.(CVE-2013-4470)\n\n - Multiple integer overflows in Alchemy LCD frame-buffer\n drivers in the Linux kernel before 3.12 allow local\n users to create a read-write memory mapping for the\n entirety of kernel memory, and consequently gain\n privileges, via crafted mmap operations, related to the\n (1) au1100fb_fb_mmap function in\n drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap\n function in drivers/video/au1200fb.c.(CVE-2013-4511)\n\n - The udp6_ufo_fragment function in\n net/ipv6/udp_offload.c in the Linux kernel through\n 3.12, when UDP Fragmentation Offload (UFO) is enabled,\n does not properly perform a certain size comparison\n before inserting a fragment header, which allows remote\n attackers to cause a denial of service (panic) via a\n large IPv6 UDP packet, as demonstrated by use of the\n Token Bucket Filter (TBF) queueing\n discipline.(CVE-2013-4563)\n\n - The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the\n Linux kernel through 3.12 uses a BSSID masking approach\n to determine the set of MAC addresses on which a Wi-Fi\n device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by\n sending a series of packets to MAC addresses with\n certain bit manipulations.(CVE-2013-4579)\n\n - Array index error in the kvm_vm_ioctl_create_vcpu\n function in virt/kvm/kvm_main.c in the KVM subsystem in\n the Linux kernel through 3.12.5 allows local users to\n gain privileges via a large id value.(CVE-2013-4587)\n\n - The apic_get_tmcct function in arch/x86/kvm/lapic.c in\n the KVM subsystem in the Linux kernel through 3.12.5\n allows guest OS users to cause a denial of service\n (divide-by-zero error and host OS crash) via crafted\n modifications of the TMICT value.(CVE-2013-6367)\n\n - The KVM subsystem in the Linux kernel through 3.12.5\n allows local users to gain privileges or cause a denial\n of service (system crash) via a VAPIC synchronization\n operation involving a page-end address.(CVE-2013-6368)\n\n - The recalculate_apic_map function in\n arch/x86/kvm/lapic.c in the KVM subsystem in the Linux\n kernel through 3.12.5 allows guest OS users to cause a\n denial of service (host OS crash) via a crafted ICR\n write operation in x2apic mode.(CVE-2013-6376)\n\n - The lbs_debugfs_write function in\n drivers/net/wireless/libertas/debugfs.c in the Linux\n kernel through 3.12.1 allows local users to cause a\n denial of service (OOPS) by leveraging root privileges\n for a zero-length write operation.(CVE-2013-6378)\n\n - The aac_send_raw_srb function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 3.12.1 does not properly validate a certain\n size value, which allows local users to cause a denial\n of service (invalid pointer dereference) or possibly\n have unspecified other impact via an\n FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted\n SRB command.(CVE-2013-6380)\n\n - Multiple buffer underflows in the XFS implementation in\n the Linux kernel through 3.12.1 allow local users to\n cause a denial of service (memory corruption) or\n possibly have unspecified other impact by leveraging\n the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2)\n XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted\n length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the\n xfs_compat_attrlist_by_handle function in\n fs/xfs/xfs_ioctl32.c.(CVE-2013-6382)\n\n - The aac_compat_ioctl function in\n drivers/scsi/aacraid/linit.c in the Linux kernel before\n 3.11.8 does not require the CAP_SYS_RAWIO capability,\n which allows local users to bypass intended access\n restrictions via a crafted ioctl call.(CVE-2013-6383)\n\n - The fib6_add function in net/ipv6/ip6_fib.c in the\n Linux kernel before 3.11.5 does not properly implement\n error-code encoding, which allows local users to cause\n a denial of service (NULL pointer dereference and\n system crash) by leveraging the CAP_NET_ADMIN\n capability for an IPv6 SIOCADDRT ioctl\n call.(CVE-2013-6431)\n\n - The uio_mmap_physical function in drivers/uio/uio.c in\n the Linux kernel before 3.12 does not validate the size\n of a memory block, which allows local users to cause a\n denial of service (memory corruption) or possibly gain\n privileges via crafted mmap operations, a different\n vulnerability than CVE-2013-4511.(CVE-2013-6763)\n\n - Multiple race conditions in ipc/shm.c in the Linux\n kernel before 3.12.2 allow local users to cause a\n denial of service (use-after-free and system crash) or\n possibly have unspecified other impact via a crafted\n application that uses shmctl IPC_RMID operations in\n conjunction with other shm system calls.(CVE-2013-7026)\n\n - The ieee80211_radiotap_iterator_init function in\n net/wireless/radiotap.c in the Linux kernel before\n 3.11.7 does not check whether a frame contains any data\n outside of the header, which might allow attackers to\n cause a denial of service (buffer over-read) via a\n crafted header.(CVE-2013-7027)\n\n - The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures\n have been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and\n net/ipv6/udp.c.(CVE-2013-7263)\n\n - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call.(CVE-2013-7264)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1475\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83a4c385\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:26:37", "description": "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)\nin the Linux kernel. A remote attacker could exploit this flaw to\ncause a denial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of\nthe Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A\nguest OS user could exploit this flaw to cause a denial of service\n(host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of\nservice (NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "published": "2014-02-19T00:00:00", "title": "Ubuntu 13.10 : linux vulnerabilities (USN-2117-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "modified": "2014-02-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "UBUNTU_USN-2117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2117-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72578);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n script_xref(name:\"USN\", value:\"2117-1\");\n\n script_name(english:\"Ubuntu 13.10 : linux vulnerabilities (USN-2117-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)\nin the Linux kernel. A remote attacker could exploit this flaw to\ncause a denial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of\nthe Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A\nguest OS user could exploit this flaw to cause a denial of service\n(host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of\nservice (NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2117-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.11-generic and / or\nlinux-image-3.11-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2117-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.10\", pkgname:\"linux-image-3.11.0-17-generic\", pkgver:\"3.11.0-17.31\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"linux-image-3.11.0-17-generic-lpae\", pkgver:\"3.11.0-17.31\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.11-generic / linux-image-3.11-generic-lpae\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:26:34", "description": "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)\nin the Linux kernel. A remote attacker could exploit this flaw to\ncause a denial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of\nthe Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A\nguest OS user could exploit this flaw to cause a denial of service\n(host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of\nservice (NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "published": "2014-02-19T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "modified": "2014-02-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2113-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72576);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n script_xref(name:\"USN\", value:\"2113-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)\nin the Linux kernel. A remote attacker could exploit this flaw to\ncause a denial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error\nto discover the original MAC address after a spoofing atack.\n(CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's\nkvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)\nsubsystem. A local user could exploit this flaw to gain privileges on\nthe host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the\nKernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS\nuser could exploit this flaw to cause a denial of service or host OS\nsystem crash. (CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual\nMachine (KVM) VAPIC synchronization operation. A local user could\nexploit this flaw to gain privileges or cause a denial of service\n(system crash). (CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of\nthe Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A\nguest OS user could exploit this flaw to cause a denial of service\n(host OS crash). (CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in\nthe implementation of the XFS filesystem in the Linux kernel. A local\nuser with CAP_SYS_ADMIN could exploit these flaw to cause a denial of\nservice (memory corruption) or possibly other unspecified issues.\n(CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of\nservice (NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and\nrecvmsg system calls in the Linux kernel. An unprivileged local user\ncould exploit this flaw to obtain sensitive information from kernel\nstack memory. (CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol\n(l2tp) of the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol\n(phonet) in the Linux kernel. A local user could exploit this flaw to\nobtain sensitive information from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ISDN sockets in the Linux kernel. A\nlocal user could exploit this leak to obtain potentially sensitive\ninformation from kernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with apple talk sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with ipx protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with the netrom address family in the\nLinux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with packet address family sockets in\nthe Linux kernel. A local user could exploit this leak to obtain\npotentially sensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and\nrecvmsg systemcalls when used with x25 protocol sockets in the Linux\nkernel. A local user could exploit this leak to obtain potentially\nsensitive information from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal\nArea Networks support (IEEE 802.15.4) in the Linux kernel. A local\nuser could exploit this flaw to obtain sensitive information from\nkernel stack memory. (CVE-2013-7281)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the\nLinux kernel. An unprivileged local user could exploit this flaw on\nAMD based systems to cause a denial of service (task kill) or possibly\ngain privileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM\ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN\ncapability could exploit this flaw to obtain sensitive information\nfrom kernel memory. (CVE-2014-1446).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2113-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.11-generic and / or\nlinux-image-3.11-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\", \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\", \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2113-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.11.0-17-generic\", pkgver:\"3.11.0-17.31~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.11.0-17-generic-lpae\", pkgver:\"3.11.0-17.31~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.11-generic / linux-image-3.11-generic-lpae\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:01:38", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - Multiple array index errors in drivers/hid/hid-core.c in\n the Human Interface Device (HID) subsystem in the Linux\n kernel through 3.11 allow physically proximate attackers\n to execute arbitrary code or cause a denial of service\n (heap memory corruption) via a crafted device that\n provides an invalid Report ID. (CVE-2013-2888)\n\n - drivers/hid/hid-zpff.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_ZEROPLUS is enabled, allows physically\n proximate attackers to cause a denial of service (heap-\n based out-of-bounds write) via a crafted device.\n (CVE-2013-2889)\n\n - drivers/hid/hid-pl.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PANTHERLORD is enabled, allows physically\n proximate attackers to cause a denial of service (heap-\n based out-of-bounds write) via a crafted device.\n (CVE-2013-2892)\n\n - The perf_trace_event_perm function in\n kernel/trace/trace_event_perf.c in the Linux kernel\n before 3.12.2 does not properly restrict access to the\n perf subsystem, which allows local users to enable\n function tracing via a crafted application.\n (CVE-2013-2930)\n\n - Use-after-free vulnerability in the\n vhost_net_set_backend function in drivers/vhost/net.c in\n the Linux kernel through 3.10.3 allows local users to\n cause a denial of service (OOPS and system crash) via\n vectors involving powering on a virtual machine.\n (CVE-2013-4127)\n\n - The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux\n kernel through 3.10.3 makes an incorrect function call\n for pending data, which allows local users to cause a\n denial of service (BUG and system crash) via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call. (CVE-2013-4162)\n\n - The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel through 3.10.3 does not properly maintain\n information about whether the IPV6_MTU setsockopt option\n had been specified, which allows local users to cause a\n denial of service (BUG and system crash) via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call. (CVE-2013-4163)\n\n - Use-after-free vulnerability in drivers/net/tun.c in the\n Linux kernel through 3.11.1 allows local users to gain\n privileges by leveraging the CAP_NET_ADMIN capability\n and providing an invalid tuntap interface name in a\n TUNSETIFF ioctl call. (CVE-2013-4343)\n\n - The skb_flow_dissect function in\n net/core/flow_dissector.c in the Linux kernel through\n 3.12 allows remote attackers to cause a denial of\n service (infinite loop) via a small value in the IHL\n field of a packet with IPIP encapsulation.\n (CVE-2013-4348)\n\n - The IPv6 SCTP implementation in net/sctp/ipv6.c in the\n Linux kernel through 3.11.1 uses data structures and\n function calls that do not trigger an intended\n configuration of IPsec encryption, which allows remote\n attackers to obtain sensitive information by sniffing\n the network. (CVE-2013-4350)\n\n - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4\n does not properly determine the need for UDP\n Fragmentation Offload (UFO) processing of small packets\n after the UFO queueing of a large packet, which allows\n remote attackers to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via network traffic that\n triggers a large response packet. (CVE-2013-4387)\n\n - The udp6_ufo_fragment function in net/ipv6/udp_offload.c\n in the Linux kernel through 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly perform a\n certain size comparison before inserting a fragment\n header, which allows remote attackers to cause a denial\n of service (panic) via a large IPv6 UDP packet, as\n demonstrated by use of the Token Bucket Filter (TBF)\n queueing discipline. (CVE-2013-4563)\n\n - The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the\n Linux kernel through 3.12 uses a BSSID masking approach\n to determine the set of MAC addresses on which a Wi-Fi\n device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by\n sending a series of packets to MAC addresses with\n certain bit manipulations. (CVE-2013-4579)\n\n - Array index error in the kvm_vm_ioctl_create_vcpu\n function in virt/kvm/kvm_main.c in the KVM subsystem in\n the Linux kernel through 3.12.5 allows local users to\n gain privileges via a large id value. (CVE-2013-4587)\n\n - The apic_get_tmcct function in arch/x86/kvm/lapic.c in\n the KVM subsystem in the Linux kernel through 3.12.5\n allows guest OS users to cause a denial of service\n (divide-by-zero error and host OS crash) via crafted\n modifications of the TMICT value. (CVE-2013-6367)\n\n - The KVM subsystem in the Linux kernel through 3.12.5\n allows local users to gain privileges or cause a denial\n of service (system crash) via a VAPIC synchronization\n operation involving a page-end address. (CVE-2013-6368)\n\n - The recalculate_apic_map function in\n arch/x86/kvm/lapic.c in the KVM subsystem in the Linux\n kernel through 3.12.5 allows guest OS users to cause a\n denial of service (host OS crash) via a crafted ICR\n write operation in x2apic mode. (CVE-2013-6376)\n\n - The lbs_debugfs_write function in\n drivers/net/wireless/libertas/debugfs.c in the Linux\n kernel through 3.12.1 allows local users to cause a\n denial of service (OOPS) by leveraging root privileges\n for a zero-length write operation. (CVE-2013-6378)\n\n - The aac_send_raw_srb function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 3.12.1 does not properly validate a certain size\n value, which allows local users to cause a denial of\n service (invalid pointer dereference) or possibly have\n unspecified other impact via an FSACTL_SEND_RAW_SRB\n ioctl call that triggers a crafted SRB command.\n (CVE-2013-6380)\n\n - Multiple buffer underflows in the XFS implementation in\n the Linux kernel through 3.12.1 allow local users to\n cause a denial of service (memory corruption) or\n possibly have unspecified other impact by leveraging the\n CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2)\n XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted\n length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the\n xfs_compat_attrlist_by_handle function in\n fs/xfs/xfs_ioctl32.c. (CVE-2013-6382)\n\n - Multiple race conditions in ipc/shm.c in the Linux\n kernel before 3.12.2 allow local users to cause a denial\n of service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted application\n that uses shmctl IPC_RMID operations in conjunction with\n other shm system calls. (CVE-2013-7026)\n\n - The mISDN_sock_recvmsg function in\n drivers/isdn/mISDN/socket.c in the Linux kernel before\n 3.12.4 does not ensure that a certain length value is\n consistent with the size of an associated data\n structure, which allows local users to obtain sensitive\n information from kernel memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call. (CVE-2013-7266)\n\n - The atalk_recvmsg function in net/appletalk/ddp.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7267)\n\n - The ipx_recvmsg function in net/ipx/af_ipx.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7268)\n\n - The nr_recvmsg function in net/netrom/af_netrom.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7269)\n\n - The packet_recvmsg function in net/packet/af_packet.c in\n the Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7270)\n\n - The x25_recvmsg function in net/x25/af_x25.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7271)\n\n - Buffer overflow in the complete_emulated_mmio function\n in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6\n allows guest OS users to execute arbitrary code on the\n host OS by leveraging a loop that triggers an invalid\n memory copy affecting certain cancel_work_item data.\n (CVE-2014-0049)\n\n - The get_rx_bufs function in drivers/vhost/net.c in the\n vhost-net subsystem in the Linux kernel package before\n 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6\n does not properly handle vhost_get_vq_desc errors, which\n allows guest OS users to cause a denial of service (host\n OS crash) via unspecified vectors. (CVE-2014-0055)\n\n - The cifs_iovec_write function in fs/cifs/file.c in the\n Linux kernel through 3.13.5 does not properly handle\n uncached write operations that copy fewer than the\n requested number of bytes, which allows local users to\n obtain sensitive information from kernel memory, cause a\n denial of service (memory corruption and system crash),\n or possibly gain privileges via a writev system call\n with a crafted pointer. (CVE-2014-0069)\n\n - drivers/vhost/net.c in the Linux kernel before 3.13.10,\n when mergeable buffers are disabled, does not properly\n validate packet lengths, which allows guest OS users to\n cause a denial of service (memory corruption and host OS\n crash) or possibly gain privileges on the host OS via\n crafted packets, related to the handle_rx and\n get_rx_bufs functions. (CVE-2014-0077)\n\n - Race condition in the inet_frag_intern function in\n net/ipv4/inet_fragment.c in the Linux kernel through\n 3.13.6 allows remote attackers to cause a denial of\n service (use-after-free error) or possibly have\n unspecified other impact via a large series of\n fragmented ICMP Echo Request packets to a system with a\n heavy CPU load. (CVE-2014-0100)\n\n - A flaw was found in the way the Linux kernel processed\n an authenticated COOKIE_ECHO chunk during the\n initialization of an SCTP connection. A remote attacker\n could use this flaw to crash the system by initiating a\n specially crafted SCTP handshake in order to trigger a\n NULL pointer dereference on the system. (CVE-2014-0101)\n\n - The keyring_detect_cycle_iterator function in\n security/keys/keyring.c in the Linux kernel through\n 3.13.6 does not properly determine whether keyrings are\n identical, which allows local users to cause a denial of\n service (OOPS) via crafted keyctl commands.\n (CVE-2014-0102)\n\n - Use-after-free vulnerability in the skb_segment function\n in net/core/skbuff.c in the Linux kernel through 3.13.6\n allows attackers to obtain sensitive information from\n kernel memory by leveraging the absence of a certain\n orphaning operation. (CVE-2014-0131)\n\n - The ioapic_deliver function in virt/kvm/ioapic.c in the\n Linux kernel through 3.14.1 does not properly validate\n the kvm_irq_delivery_to_apic return value, which allows\n guest OS users to cause a denial of service (host OS\n crash) via a crafted entry in the redirection table of\n an I/O APIC. NOTE: the affected code was moved to the\n ioapic_service function before the vulnerability was\n announced. (CVE-2014-0155)\n\n - The restore_fpu_checking function in\n arch/x86/include/asm/fpu-internal.h in the Linux kernel\n before 3.12.8 on the AMD K7 and K8 platforms does not\n clear pending exceptions before proceeding to an EMMS\n instruction, which allows local users to cause a denial\n of service (task kill) or possibly gain privileges via a\n crafted application. (CVE-2014-1438)\n\n - The help function in net/netfilter/nf_nat_irc.c in the\n Linux kernel before 3.12.8 allows remote attackers to\n obtain sensitive information from kernel memory by\n establishing an IRC DCC session in which incorrect\n packet data is transmitted during use of the NAT mangle\n feature. (CVE-2014-1690)\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement packets.\n (CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer\n incorrectly, which allows remote attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via a DCCP packet that triggers a call to\n the (1) dccp_new, (2) dccp_packet, or (3) dccp_error\n function. (CVE-2014-2523)\n\n - It was found that the try_to_unmap_cluster() function in\n the Linux kernel's Memory Managment subsystem did not\n properly handle page locking in certain cases, which\n could potentially trigger the BUG_ON() macro in the\n mlock_vma_page() function. A local, unprivileged user\n could use this flaw to crash the system. (CVE-2014-3122)\n\n - A flaw was found in the way the Linux kernel's\n kvm_iommu_map_pages() function handled IOMMU mapping\n failures. A privileged user in a guest with an assigned\n host device could use this flaw to crash the host.\n (CVE-2014-3601)\n\n - It was found that KVM's Write to Model Specific Register\n (WRMSR) instruction emulation would write non-canonical\n values passed in by the guest to certain MSRs in the\n host's context. A privileged guest user could use this\n flaw to crash the host. (CVE-2014-3610)\n\n - The capabilities implementation in the Linux kernel\n before 3.14.8 does not properly consider that namespaces\n are inapplicable to inodes, which allows local users to\n bypass intended chmod restrictions by first creating a\n user namespace, as demonstrated by setting the setgid\n bit on a file with group ownership of root.\n (CVE-2014-4014)\n\n - Buffer overflow in net/ceph/auth_x.c in Ceph, as used in\n the Linux kernel before 3.16.3, allows remote attackers\n to cause a denial of service (memory corruption and\n panic) or possibly have unspecified other impact via a\n long unencrypted auth ticket. (CVE-2014-6416)\n\n - The instruction decoder in arch/x86/kvm/emulate.c in the\n KVM subsystem in the Linux kernel before 3.18-rc2 lacks\n intended decoder-table flags for certain RIP-relative\n instructions, which allows guest OS users to cause a\n denial of service (NULL pointer dereference and host OS\n crash) via a crafted application. (CVE-2014-8480)\n\n - The Linux kernel through 3.17.4 does not properly\n restrict dropping of supplemental group memberships in\n certain namespace scenarios, which allows local users to\n bypass intended file permissions by leveraging a POSIX\n ACL containing an entry for the group category that is\n more restrictive than the entry for the other category,\n aka a negative groups issue, related to\n kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c. (CVE-2014-8989)\n\n - net/llc/sysctl_net_llc.c in the Linux kernel before 3.19\n uses an incorrect data type in a sysctl table, which\n allows local users to obtain potentially sensitive\n information from kernel memory or possibly have\n unspecified other impact by accessing a sysctl entry.\n (CVE-2015-2041)\n\n - net/rds/sysctl.c in the Linux kernel before 3.19 uses an\n incorrect data type in a sysctl table, which allows\n local users to obtain potentially sensitive information\n from kernel memory or possibly have unspecified other\n impact by accessing a sysctl entry. (CVE-2015-2042)\n\n - A NULL-pointer dereference flaw was found in the kernel,\n which is caused by a race between revoking a user-type\n key and reading from it. The issue could be triggered by\n an unprivileged user with a local account, causing the\n kernel to crash (denial of service). (CVE-2015-7550)\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl call.\n (CVE-2016-3713)\n\n - A flaw was found in the Linux networking subsystem where\n a local attacker with CAP_NET_ADMIN capabilities could\n cause an out-of-bounds memory access by creating a\n smaller-than-expected ICMP header and sending to its\n destination via sendto(). (CVE-2016-8399)\n\n - A race condition issue was found in the way the raw\n packet socket implementation in the Linux kernel\n networking subsystem handled synchronization. A local\n user able to open a raw packet socket (requires the\n CAP_NET_RAW capability) could use this to waste\n resources in the kernel's ring buffer or possibly cause\n an out-of-bounds read on the heap leading to a system\n crash. (CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root privileges.\n (CVE-2017-1000112)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the system.\n (CVE-2017-11176)\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This\n can result in a kernel panic causing a local denial of\n service. (CVE-2017-14106)\n\n - It was found that the code in net/sctp/socket.c in the\n Linux kernel through 4.10.1 does not properly restrict\n association peel-off operations during certain wait\n states, which allows local users to cause a denial of\n service (invalid unlock and double free) via a\n multithreaded application. This vulnerability was\n introduced by CVE-2017-5986 fix (commit 2dcab5984841).\n (CVE-2017-6353)\n\n - Out-of-bounds kernel heap access vulnerability was found\n in xfrm, kernel's IP framework for transforming packets.\n An error dealing with netlink messages from an\n unprivileged user leads to arbitrary read/write and\n privilege escalation. (CVE-2017-7184)\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. This flaw is unlikely to be\n triggered remotely as certain userspace code is needed\n for this. An unprivileged local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to a crash. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n it is unlikely. (CVE-2017-7541)\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function. (CVE-2017-7542)\n\n - A kernel data leak due to an out-of-bound read was found\n in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill()\n and sctp_get_sctp_info() functions present since version\n 4.7-rc1 through version 4.13. A data leak happens when\n these functions fill in sockaddr data structures used to\n export socket's diagnostic information. As a result, up\n to 100 bytes of the slab data could be leaked to a\n userspace. (CVE-2017-7558)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3122", "CVE-2017-11176", "CVE-2014-0155", "CVE-2017-7184", "CVE-2014-0131", "CVE-2017-1000111", "CVE-2016-8399", "CVE-2013-7270", "CVE-2014-0100", "CVE-2013-4127", "CVE-2013-6378", "CVE-2015-7550", "CVE-2013-2892", "CVE-2014-3610", "CVE-2014-8480", "CVE-2013-7267", "CVE-2014-8989", "CVE-2013-4162", "CVE-2017-14106", "CVE-2013-7266", "CVE-2014-4014", "CVE-2014-3601", "CVE-2013-6368", "CVE-2017-1000112", "CVE-2014-2309", "CVE-2013-6382", "CVE-2014-6416", "CVE-2017-7558", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4163", "CVE-2014-0102", "CVE-2017-7541", "CVE-2013-6367", "CVE-2014-0049", "CVE-2013-4387", "CVE-2013-7269", "CVE-2017-5986", "CVE-2013-6376", "CVE-2014-0055", "CVE-2013-2930", "CVE-2013-7271", "CVE-2017-6353", "CVE-2013-4350", "CVE-2013-6380", "CVE-2013-7268", "CVE-2014-1438", "CVE-2014-0077", "CVE-2017-7542", "CVE-2013-4587", "CVE-2015-2041", "CVE-2013-4348", "CVE-2013-4343", "CVE-2014-2523", "CVE-2013-2888", "CVE-2014-0101", "CVE-2014-0069", "CVE-2013-2889", "CVE-2016-3713", "CVE-2015-2042", "CVE-2014-1690", "CVE-2013-7026"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0004. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127146);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2013-2888\",\n \"CVE-2013-2889\",\n \"CVE-2013-2892\",\n \"CVE-2013-2930\",\n \"CVE-2013-4127\",\n \"CVE-2013-4162\",\n \"CVE-2013-4163\",\n \"CVE-2013-4343\",\n \"CVE-2013-4348\",\n \"CVE-2013-4350\",\n \"CVE-2013-4387\",\n \"CVE-2013-4563\",\n \"CVE-2013-4579\",\n \"CVE-2013-4587\",\n \"CVE-2013-6367\",\n \"CVE-2013-6368\",\n \"CVE-2013-6376\",\n \"CVE-2013-6378\",\n \"CVE-2013-6380\",\n \"CVE-2013-6382\",\n \"CVE-2013-7026\",\n \"CVE-2013-7266\",\n \"CVE-2013-7267\",\n \"CVE-2013-7268\",\n \"CVE-2013-7269\",\n \"CVE-2013-7270\",\n \"CVE-2013-7271\",\n \"CVE-2014-0049\",\n \"CVE-2014-0055\",\n \"CVE-2014-0069\",\n \"CVE-2014-0077\",\n \"CVE-2014-0100\",\n \"CVE-2014-0101\",\n \"CVE-2014-0102\",\n \"CVE-2014-0131\",\n \"CVE-2014-0155\",\n \"CVE-2014-1438\",\n \"CVE-2014-1690\",\n \"CVE-2014-2309\",\n \"CVE-2014-2523\",\n \"CVE-2014-3122\",\n \"CVE-2014-3601\",\n \"CVE-2014-3610\",\n \"CVE-2014-4014\",\n \"CVE-2014-6416\",\n \"CVE-2014-8480\",\n \"CVE-2014-8989\",\n \"CVE-2015-2041\",\n \"CVE-2015-2042\",\n \"CVE-2015-7550\",\n \"CVE-2016-3713\",\n \"CVE-2016-8399\",\n \"CVE-2017-6353\",\n \"CVE-2017-7184\",\n \"CVE-2017-7541\",\n \"CVE-2017-7542\",\n \"CVE-2017-7558\",\n \"CVE-2017-11176\",\n \"CVE-2017-14106\",\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - Multiple array index errors in drivers/hid/hid-core.c in\n the Human Interface Device (HID) subsystem in the Linux\n kernel through 3.11 allow physically proximate attackers\n to execute arbitrary code or cause a denial of service\n (heap memory corruption) via a crafted device that\n provides an invalid Report ID. (CVE-2013-2888)\n\n - drivers/hid/hid-zpff.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_ZEROPLUS is enabled, allows physically\n proximate attackers to cause a denial of service (heap-\n based out-of-bounds write) via a crafted device.\n (CVE-2013-2889)\n\n - drivers/hid/hid-pl.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PANTHERLORD is enabled, allows physically\n proximate attackers to cause a denial of service (heap-\n based out-of-bounds write) via a crafted device.\n (CVE-2013-2892)\n\n - The perf_trace_event_perm function in\n kernel/trace/trace_event_perf.c in the Linux kernel\n before 3.12.2 does not properly restrict access to the\n perf subsystem, which allows local users to enable\n function tracing via a crafted application.\n (CVE-2013-2930)\n\n - Use-after-free vulnerability in the\n vhost_net_set_backend function in drivers/vhost/net.c in\n the Linux kernel through 3.10.3 allows local users to\n cause a denial of service (OOPS and system crash) via\n vectors involving powering on a virtual machine.\n (CVE-2013-4127)\n\n - The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux\n kernel through 3.10.3 makes an incorrect function call\n for pending data, which allows local users to cause a\n denial of service (BUG and system crash) via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call. (CVE-2013-4162)\n\n - The ip6_append_data_mtu function in\n net/ipv6/ip6_output.c in the IPv6 implementation in the\n Linux kernel through 3.10.3 does not properly maintain\n information about whether the IPV6_MTU setsockopt option\n had been specified, which allows local users to cause a\n denial of service (BUG and system crash) via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call. (CVE-2013-4163)\n\n - Use-after-free vulnerability in drivers/net/tun.c in the\n Linux kernel through 3.11.1 allows local users to gain\n privileges by leveraging the CAP_NET_ADMIN capability\n and providing an invalid tuntap interface name in a\n TUNSETIFF ioctl call. (CVE-2013-4343)\n\n - The skb_flow_dissect function in\n net/core/flow_dissector.c in the Linux kernel through\n 3.12 allows remote attackers to cause a denial of\n service (infinite loop) via a small value in the IHL\n field of a packet with IPIP encapsulation.\n (CVE-2013-4348)\n\n - The IPv6 SCTP implementation in net/sctp/ipv6.c in the\n Linux kernel through 3.11.1 uses data structures and\n function calls that do not trigger an intended\n configuration of IPsec encryption, which allows remote\n attackers to obtain sensitive information by sniffing\n the network. (CVE-2013-4350)\n\n - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4\n does not properly determine the need for UDP\n Fragmentation Offload (UFO) processing of small packets\n after the UFO queueing of a large packet, which allows\n remote attackers to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via network traffic that\n triggers a large response packet. (CVE-2013-4387)\n\n - The udp6_ufo_fragment function in net/ipv6/udp_offload.c\n in the Linux kernel through 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly perform a\n certain size comparison before inserting a fragment\n header, which allows remote attackers to cause a denial\n of service (panic) via a large IPv6 UDP packet, as\n demonstrated by use of the Token Bucket Filter (TBF)\n queueing discipline. (CVE-2013-4563)\n\n - The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the\n Linux kernel through 3.12 uses a BSSID masking approach\n to determine the set of MAC addresses on which a Wi-Fi\n device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by\n sending a series of packets to MAC addresses with\n certain bit manipulations. (CVE-2013-4579)\n\n - Array index error in the kvm_vm_ioctl_create_vcpu\n function in virt/kvm/kvm_main.c in the KVM subsystem in\n the Linux kernel through 3.12.5 allows local users to\n gain privileges via a large id value. (CVE-2013-4587)\n\n - The apic_get_tmcct function in arch/x86/kvm/lapic.c in\n the KVM subsystem in the Linux kernel through 3.12.5\n allows guest OS users to cause a denial of service\n (divide-by-zero error and host OS crash) via crafted\n modifications of the TMICT value. (CVE-2013-6367)\n\n - The KVM subsystem in the Linux kernel through 3.12.5\n allows local users to gain privileges or cause a denial\n of service (system crash) via a VAPIC synchronization\n operation involving a page-end address. (CVE-2013-6368)\n\n - The recalculate_apic_map function in\n arch/x86/kvm/lapic.c in the KVM subsystem in the Linux\n kernel through 3.12.5 allows guest OS users to cause a\n denial of service (host OS crash) via a crafted ICR\n write operation in x2apic mode. (CVE-2013-6376)\n\n - The lbs_debugfs_write function in\n drivers/net/wireless/libertas/debugfs.c in the Linux\n kernel through 3.12.1 allows local users to cause a\n denial of service (OOPS) by leveraging root privileges\n for a zero-length write operation. (CVE-2013-6378)\n\n - The aac_send_raw_srb function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 3.12.1 does not properly validate a certain size\n value, which allows local users to cause a denial of\n service (invalid pointer dereference) or possibly have\n unspecified other impact via an FSACTL_SEND_RAW_SRB\n ioctl call that triggers a crafted SRB command.\n (CVE-2013-6380)\n\n - Multiple buffer underflows in the XFS implementation in\n the Linux kernel through 3.12.1 allow local users to\n cause a denial of service (memory corruption) or\n possibly have unspecified other impact by leveraging the\n CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2)\n XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted\n length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the\n xfs_compat_attrlist_by_handle function in\n fs/xfs/xfs_ioctl32.c. (CVE-2013-6382)\n\n - Multiple race conditions in ipc/shm.c in the Linux\n kernel before 3.12.2 allow local users to cause a denial\n of service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted application\n that uses shmctl IPC_RMID operations in conjunction with\n other shm system calls. (CVE-2013-7026)\n\n - The mISDN_sock_recvmsg function in\n drivers/isdn/mISDN/socket.c in the Linux kernel before\n 3.12.4 does not ensure that a certain length value is\n consistent with the size of an associated data\n structure, which allows local users to obtain sensitive\n information from kernel memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call. (CVE-2013-7266)\n\n - The atalk_recvmsg function in net/appletalk/ddp.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7267)\n\n - The ipx_recvmsg function in net/ipx/af_ipx.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7268)\n\n - The nr_recvmsg function in net/netrom/af_netrom.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7269)\n\n - The packet_recvmsg function in net/packet/af_packet.c in\n the Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7270)\n\n - The x25_recvmsg function in net/x25/af_x25.c in the\n Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (CVE-2013-7271)\n\n - Buffer overflow in the complete_emulated_mmio function\n in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6\n allows guest OS users to execute arbitrary code on the\n host OS by leveraging a loop that triggers an invalid\n memory copy affecting certain cancel_work_item data.\n (CVE-2014-0049)\n\n - The get_rx_bufs function in drivers/vhost/net.c in the\n vhost-net subsystem in the Linux kernel package before\n 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6\n does not properly handle vhost_get_vq_desc errors, which\n allows guest OS users to cause a denial of service (host\n OS crash) via unspecified vectors. (CVE-2014-0055)\n\n - The cifs_iovec_write function in fs/cifs/file.c in the\n Linux kernel through 3.13.5 does not properly handle\n uncached write operations that copy fewer than the\n requested number of bytes, which allows local users to\n obtain sensitive information from kernel memory, cause a\n denial of service (memory corruption and system crash),\n or possibly gain privileges via a writev system call\n with a crafted pointer. (CVE-2014-0069)\n\n - drivers/vhost/net.c in the Linux kernel before 3.13.10,\n when mergeable buffers are disabled, does not properly\n validate packet lengths, which allows guest OS users to\n cause a denial of service (memory corruption and host OS\n crash) or possibly gain privileges on the host OS via\n crafted packets, related to the handle_rx and\n get_rx_bufs functions. (CVE-2014-0077)\n\n - Race condition in the inet_frag_intern function in\n net/ipv4/inet_fragment.c in the Linux kernel through\n 3.13.6 allows remote attackers to cause a denial of\n service (use-after-free error) or possibly have\n unspecified other impact via a large series of\n fragmented ICMP Echo Request packets to a system with a\n heavy CPU load. (CVE-2014-0100)\n\n - A flaw was found in the way the Linux kernel processed\n an authenticated COOKIE_ECHO chunk during the\n initialization of an SCTP connection. A remote attacker\n could use this flaw to crash the system by initiating a\n specially crafted SCTP handshake in order to trigger a\n NULL pointer dereference on the system. (CVE-2014-0101)\n\n - The keyring_detect_cycle_iterator function in\n security/keys/keyring.c in the Linux kernel through\n 3.13.6 does not properly determine whether keyrings are\n identical, which allows local users to cause a denial of\n service (OOPS) via crafted keyctl commands.\n (CVE-2014-0102)\n\n - Use-after-free vulnerability in the skb_segment function\n in net/core/skbuff.c in the Linux kernel through 3.13.6\n allows attackers to obtain sensitive information from\n kernel memory by leveraging the absence of a certain\n orphaning operation. (CVE-2014-0131)\n\n - The ioapic_deliver function in virt/kvm/ioapic.c in the\n Linux kernel through 3.14.1 does not properly validate\n the kvm_irq_delivery_to_apic return value, which allows\n guest OS users to cause a denial of service (host OS\n crash) via a crafted entry in the redirection table of\n an I/O APIC. NOTE: the affected code was moved to the\n ioapic_service function before the vulnerability was\n announced. (CVE-2014-0155)\n\n - The restore_fpu_checking function in\n arch/x86/include/asm/fpu-internal.h in the Linux kernel\n before 3.12.8 on the AMD K7 and K8 platforms does not\n clear pending exceptions before proceeding to an EMMS\n instruction, which allows local users to cause a denial\n of service (task kill) or possibly gain privileges via a\n crafted application. (CVE-2014-1438)\n\n - The help function in net/netfilter/nf_nat_irc.c in the\n Linux kernel before 3.12.8 allows remote attackers to\n obtain sensitive information from kernel memory by\n establishing an IRC DCC session in which incorrect\n packet data is transmitted during use of the NAT mangle\n feature. (CVE-2014-1690)\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement packets.\n (CVE-2014-2309)\n\n - net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer\n incorrectly, which allows remote attackers to cause a\n denial of service (system crash) or possibly execute\n arbitrary code via a DCCP packet that triggers a call to\n the (1) dccp_new, (2) dccp_packet, or (3) dccp_error\n function. (CVE-2014-2523)\n\n - It was found that the try_to_unmap_cluster() function in\n the Linux kernel's Memory Managment subsystem did not\n properly handle page locking in certain cases, which\n could potentially trigger the BUG_ON() macro in the\n mlock_vma_page() function. A local, unprivileged user\n could use this flaw to crash the system. (CVE-2014-3122)\n\n - A flaw was found in the way the Linux kernel's\n kvm_iommu_map_pages() function handled IOMMU mapping\n failures. A privileged user in a guest with an assigned\n host device could use this flaw to crash the host.\n (CVE-2014-3601)\n\n - It was found that KVM's Write to Model Specific Register\n (WRMSR) instruction emulation would write non-canonical\n values passed in by the guest to certain MSRs in the\n host's context. A privileged guest user could use this\n flaw to crash the host. (CVE-2014-3610)\n\n - The capabilities implementation in the Linux kernel\n before 3.14.8 does not properly consider that namespaces\n are inapplicable to inodes, which allows local users to\n bypass intended chmod restrictions by first creating a\n user namespace, as demonstrated by setting the setgid\n bit on a file with group ownership of root.\n (CVE-2014-4014)\n\n - Buffer overflow in net/ceph/auth_x.c in Ceph, as used in\n the Linux kernel before 3.16.3, allows remote attackers\n to cause a denial of service (memory corruption and\n panic) or possibly have unspecified other impact via a\n long unencrypted auth ticket. (CVE-2014-6416)\n\n - The instruction decoder in arch/x86/kvm/emulate.c in the\n KVM subsystem in the Linux kernel before 3.18-rc2 lacks\n intended decoder-table flags for certain RIP-relative\n instructions, which allows guest OS users to cause a\n denial of service (NULL pointer dereference and host OS\n crash) via a crafted application. (CVE-2014-8480)\n\n - The Linux kernel through 3.17.4 does not properly\n restrict dropping of supplemental group memberships in\n certain namespace scenarios, which allows local users to\n bypass intended file permissions by leveraging a POSIX\n ACL containing an entry for the group category that is\n more restrictive than the entry for the other category,\n aka a negative groups issue, related to\n kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c. (CVE-2014-8989)\n\n - net/llc/sysctl_net_llc.c in the Linux kernel before 3.19\n uses an incorrect data type in a sysctl table, which\n allows local users to obtain potentially sensitive\n information from kernel memory or possibly have\n unspecified other impact by accessing a sysctl entry.\n (CVE-2015-2041)\n\n - net/rds/sysctl.c in the Linux kernel before 3.19 uses an\n incorrect data type in a sysctl table, which allows\n local users to obtain potentially sensitive information\n from kernel memory or possibly have unspecified other\n impact by accessing a sysctl entry. (CVE-2015-2042)\n\n - A NULL-pointer dereference flaw was found in the kernel,\n which is caused by a race between revoking a user-type\n key and reading from it. The issue could be triggered by\n an unprivileged user with a local account, causing the\n kernel to crash (denial of service). (CVE-2015-7550)\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl call.\n (CVE-2016-3713)\n\n - A flaw was found in the Linux networking subsystem where\n a local attacker with CAP_NET_ADMIN capabilities could\n cause an out-of-bounds memory access by creating a\n smaller-than-expected ICMP header and sending to its\n destination via sendto(). (CVE-2016-8399)\n\n - A race condition issue was found in the way the raw\n packet socket implementation in the Linux kernel\n networking subsystem handled synchronization. A local\n user able to open a raw packet socket (requires the\n CAP_NET_RAW capability) could use this to waste\n resources in the kernel's ring buffer or possibly cause\n an out-of-bounds read on the heap leading to a system\n crash. (CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root privileges.\n (CVE-2017-1000112)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the system.\n (CVE-2017-11176)\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This\n can result in a kernel panic causing a local denial of\n service. (CVE-2017-14106)\n\n - It was found that the code in net/sctp/socket.c in the\n Linux kernel through 4.10.1 does not properly restrict\n association peel-off operations during certain wait\n states, which allows local users to cause a denial of\n service (invalid unlock and double free) via a\n multithreaded application. This vulnerability was\n introduced by CVE-2017-5986 fix (commit 2dcab5984841).\n (CVE-2017-6353)\n\n - Out-of-bounds kernel heap access vulnerability was found\n in xfrm, kernel's IP framework for transforming packets.\n An error dealing with netlink messages from an\n unprivileged user leads to arbitrary read/write and\n privilege escalation. (CVE-2017-7184)\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. This flaw is unlikely to be\n triggered remotely as certain userspace code is needed\n for this. An unprivileged local user could use this flaw\n to induce kernel memory corruption on the system,\n leading to a crash. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out, although\n it is unlikely. (CVE-2017-7541)\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function. (CVE-2017-7542)\n\n - A kernel data leak due to an out-of-bound read was found\n in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill()\n and sctp_get_sctp_info() functions present since version\n 4.7-rc1 through version 4.13. A data leak happens when\n these functions fill in sockaddr data structures used to\n export socket's diagnostic information. As a result, up\n to 100 bytes of the slab data could be leaked to a\n userspace. (CVE-2017-7558)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0004\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-2523\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-abi-whitelists-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-debug-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-debug-debuginfo-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-debug-devel-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-debuginfo-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-devel-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-doc-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-headers-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-tools-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-tools-debuginfo-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-tools-libs-3.10.0-693.5.2.el7.cgsl2058\",\n \"kernel-tools-libs-devel-3.10.0-693.5.2.el7.cgsl2058\",\n \"perf-3.10.0-693.5.2.el7.cgsl2058\",\n \"perf-debuginfo-3.10.0-693.5.2.el7.cgsl2058\",\n \"python-perf-3.10.0-693.5.2.el7.cgsl2058\",\n \"python-perf-debuginfo-3.10.0-693.5.2.el7.cgsl2058\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0038", "CVE-2013-6432", "CVE-2013-4511", "CVE-2013-6368", "CVE-2013-4563", "CVE-2013-6367", "CVE-2013-6376", "CVE-2013-4587"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-02-11T00:00:00", "id": "OPENVAS:1361412562310850565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850565", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0205-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850565\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-11 10:38:00 +0530 (Tue, 11 Feb 2014)\");\n script_cve_id(\"CVE-2013-4511\", \"CVE-2013-4563\", \"CVE-2013-4587\", \"CVE-2013-6367\",\n \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6432\", \"CVE-2014-0038\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0205-1)\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"insight\", value:\"The Linux Kernel was updated to version 3.11.10, fixing\n security issues and bugs:\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).\n\n - HID: usbhid: fix sis quirk (bnc#859804).\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes\n\n - HID: usbhid: quirk for Synaptics Quad HD touchscreen\n (bnc#859804).\n\n - HID: usbhid: quirk for Synaptics HD touchscreen\n (bnc#859804).\n\n - HID: usbhid: merge the sis quirk (bnc#859804).\n\n - HID: hid-multitouch: add support for SiS panels\n (bnc#859804).\n\n - HID: usbhid: quirk for SiS Touchscreen (bnc#859804).\n\n - HID: usbhid: quirk for Synaptics Large Touchccreen\n (bnc#859804).\n\n - drivers: net: cpsw: fix dt probe for one port ethernet.\n\n - drivers: net: cpsw: fix for cpsw crash when build as\n modules.\n\n - dma: edma: Remove limits on number of slots.\n\n - dma: edma: Leave linked to Null slot instead of DUMMY\n slot.\n\n - dma: edma: Find missed events and issue them.\n\n - dma: edma: Write out and handle MAX_NR_SG at a given time.\n\n - dma: edma: Setup parameters to DMA MAX_NR_SG at a time.\n\n - ARM: edma: Add function to manually trigger an EDMA\n channel.\n\n - ARM: edma: Fix clearing of unused list for DT DMA\n resources.\n\n - ACPI: Add Toshiba NB100 to Vista _OSI blacklist.\n\n - ACPI: add missing win8 OSI comment to blacklist\n (bnc#856294).\n\n - ACPI: update win8 OSI blacklist.\n\n - ACPI: blacklist win8 OSI for buggy laptops.\n\n - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A\n (bnc#856294).\n\n - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models\n (bnc#856294).\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - ping: prevent NULL pointer dereference on write to\n msg_name (bnc#854175 CVE-2013-6432).\n\n - x86/dumpstack: Fix printk_address for direct addresses\n (bnc#845621).\n\n - Refresh patches.suse/stack-unwind.\n\n - Refresh patches.xen/xen-x86_64-dump-user-pgt.\n\n - KVM: x86: Convert vapic synchronization to _cached\n functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).\n\n - KVM: x86: fix guest-initiated crash with x2apic\n (CVE-2013-6376) (bnc#853053 CVE-2013-6376).\n\n - Build the KOTD against openSUSE:13.1:Update\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n\n - Update Xen patches to 3.11.10.\n\n - Rename patches.xen/xen-pcpu-hotplug to\n patches.xen/xen-pcpu.\n\n - KVM: x86: Fix potential divide by 0 in lapic\n (CVE-2013-6367) (bnc#853051 CVE-2013-6367).\n\n - KVM: Improve create VCPU parameter (CVE-2013-4587)\n (bnc#853050 CVE-2013-4587).\n\n - ipv6: fix he ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0205-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.11.10~7.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:10:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0038", "CVE-2013-6432", "CVE-2013-4511", "CVE-2013-6368", "CVE-2013-4563", "CVE-2013-6367", "CVE-2013-6376", "CVE-2013-4587"], "description": "Check for the Version of kernel", "modified": "2017-12-08T00:00:00", "published": "2014-02-11T00:00:00", "id": "OPENVAS:850565", "href": "http://plugins.openvas.org/nasl.php?oid=850565", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2014:0205-1 (kernel)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0205_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for kernel openSUSE-SU-2014:0205-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850565);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-11 10:38:00 +0530 (Tue, 11 Feb 2014)\");\n script_cve_id(\"CVE-2013-4511\", \"CVE-2013-4563\", \"CVE-2013-4587\", \"CVE-2013-6367\",\n \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6432\", \"CVE-2014-0038\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2014:0205-1 (kernel)\");\n\n tag_insight = \"\n The Linux Kernel was updated to version 3.11.10, fixing\n security issues and bugs:\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).\n\n - HID: usbhid: fix sis quirk (bnc#859804).\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes\n\n - HID: usbhid: quirk for Synaptics Quad HD touchscreen\n (bnc#859804).\n - HID: usbhid: quirk for Synaptics HD touchscreen\n (bnc#859804).\n - HID: usbhid: merge the sis quirk (bnc#859804).\n - HID: hid-multitouch: add support for SiS panels\n (bnc#859804).\n - HID: usbhid: quirk for SiS Touchscreen (bnc#859804).\n - HID: usbhid: quirk for Synaptics Large Touchccreen\n (bnc#859804).\n\n - drivers: net: cpsw: fix dt probe for one port ethernet.\n - drivers: net: cpsw: fix for cpsw crash when build as\n modules.\n - dma: edma: Remove limits on number of slots.\n - dma: edma: Leave linked to Null slot instead of DUMMY\n slot.\n - dma: edma: Find missed events and issue them.\n - dma: edma: Write out and handle MAX_NR_SG at a given time.\n - dma: edma: Setup parameters to DMA MAX_NR_SG at a time.\n - ARM: edma: Add function to manually trigger an EDMA\n channel.\n - ARM: edma: Fix clearing of unused list for DT DMA\n resources.\n\n - ACPI: Add Toshiba NB100 to Vista _OSI blacklist.\n - ACPI: add missing win8 OSI comment to blacklist\n (bnc#856294).\n - ACPI: update win8 OSI blacklist.\n - ACPI: blacklist win8 OSI for buggy laptops.\n - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A\n (bnc#856294).\n\n - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models\n (bnc#856294).\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - ping: prevent NULL pointer dereference on write to\n msg_name (bnc#854175 CVE-2013-6432).\n\n - x86/dumpstack: Fix printk_address for direct addresses\n (bnc#845621).\n - Refresh patches.suse/stack-unwind.\n - Refresh patches.xen/xen-x86_64-dump-user-pgt.\n\n - KVM: x86: Convert vapic synchronization to _cached\n functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).\n\n - KVM: x86: fix guest-initiated crash with x2apic\n (CVE-2013-6376) (bnc#853053 CVE-2013-6376).\n\n - Build the KOTD against openSUSE:13.1:Update\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n - Update Xen patches to 3.11.10.\n - Rename patches.xen/xen-pcpu-hotplug to\n patches.xen/xen-pcpu.\n\n - KVM: x86: Fix potential divide by 0 in lapic\n (CVE-2013-6367) (bnc#853051 CVE-2013-6367).\n\n - KVM: Improve create VCPU parameter (CVE-2013-4587)\n (bnc#853050 CVE-2013-4587).\n\n - ipv6: fix he ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"kernel on openSUSE 13.1\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0205_1\");\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.11.10~7.3\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.11.10~7.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-02-05T16:41:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12146", "CVE-2018-13406", "CVE-2014-7975", "CVE-2013-4563", "CVE-2014-6418", "CVE-2018-18386", "CVE-2014-9683", "CVE-2017-9076", "CVE-2014-7145", "CVE-2017-1000365", "CVE-2017-8890"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191500", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1500)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1500\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2014-6418\", \"CVE-2014-7145\", \"CVE-2014-7975\", \"CVE-2014-9683\", \"CVE-2017-1000365\", \"CVE-2017-12146\", \"CVE-2017-9076\", \"CVE-2018-13406\", \"CVE-2018-18386\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:57:39 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1500)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1500\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1500\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1500 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9076)\n\nIt was found that the driver_override implementation in base/platform.c in the Linux kernel is susceptible to race condition when different threads are reading vs storing a different driver override.(CVE-2017-12146)\n\nThe Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation.(CVE-2017-1000365)\n\nA buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-9683)\n\nThe Linux kernel was found vulnerable to an integer overflow in the drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() function. The vulnerability could result in local attackers being able to crash the kernel or potentially elevate privileges.(CVE-2018-13406)\n\nnet/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.(CVE-2014-6418)\n\nA NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server.(CVE-2014-7145)\n\nThe udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.(CVE-2013-4563)\n\nThe do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capabilit ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:37:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7027", "CVE-2013-6383", "CVE-2013-6378", "CVE-2013-6431", "CVE-2013-4511", "CVE-2013-7264", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-4387", "CVE-2013-6376", "CVE-2013-4350", "CVE-2013-6380", "CVE-2013-4587", "CVE-2013-6763", "CVE-2013-4348", "CVE-2013-4470", "CVE-2013-7026"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191475", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1475)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1475\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\", \"CVE-2013-4470\", \"CVE-2013-4511\", \"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6378\", \"CVE-2013-6380\", \"CVE-2013-6382\", \"CVE-2013-6383\", \"CVE-2013-6431\", \"CVE-2013-6763\", \"CVE-2013-7026\", \"CVE-2013-7027\", \"CVE-2013-7263\", \"CVE-2013-7264\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:50:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1475)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1475\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1475\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1475 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.(CVE-2013-4348)\n\nThe IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.(CVE-2013-4350)\n\nnet/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.(CVE-2013-4387)\n\nThe Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.(CVE-2013-4470)\n\nMultiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.(CVE-2013-4511)\n\nThe udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.(CVE-2013-4563)\n\nThe ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:16:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "description": "Check for the Version of linux-lts-saucy", "modified": "2017-12-01T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:841725", "href": "http://plugins.openvas.org/nasl.php?oid=841725", "type": "openvas", "title": "Ubuntu Update for linux-lts-saucy USN-2113-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2113_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux-lts-saucy USN-2113-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841725);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:22:00 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\",\n \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\",\n \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\",\n \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\",\n \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-saucy USN-2113-1\");\n\n tag_insight = \"Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in\nthe Linux kernel. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error to\ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu\nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could\nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel\nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could\nexploit this flaw to cause a denial of service or host OS system crash.\n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the\nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user\ncould exploit this flaw to cause a denial of service (host OS crash).\n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the\nimplementation of the XFS filesystem in the Linux kernel. A local user with\nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory\ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of service\n(NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg\nsystemcalls when used with ISDN sockets in the Linux kernel. A local us ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux-lts-saucy on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2113-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2113-1/\");\n script_summary(\"Check for the Version of linux-lts-saucy\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic\", ver:\"3.11.0-17.31~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic-lpae\", ver:\"3.11.0-17.31~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-11T17:44:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310841725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841725", "type": "openvas", "title": "Ubuntu Update for linux-lts-saucy USN-2113-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-saucy USN-2113-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841725\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:22:00 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\",\n \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\",\n \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\",\n \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\",\n \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-saucy USN-2113-1\");\n\n script_tag(name:\"affected\", value:\"linux-lts-saucy on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in\nthe Linux kernel. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error to\ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu\nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could\nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel\nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could\nexploit this flaw to cause a denial of service or host OS system crash.\n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the\nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user\ncould exploit this flaw to cause a denial of service (host OS crash).\n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the\nimplementation of the XFS filesystem in the Linux kernel. A local user with\nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory\ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of service\n(NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg\nsystemcalls when used with ISDN sockets in the Linux kernel. A local us ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2113-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2113-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-saucy'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic\", ver:\"3.11.0-17.31~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic-lpae\", ver:\"3.11.0-17.31~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:16:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "description": "Check for the Version of linux", "modified": "2017-12-01T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:841715", "href": "http://plugins.openvas.org/nasl.php?oid=841715", "type": "openvas", "title": "Ubuntu Update for linux USN-2117-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2117_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for linux USN-2117-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841715);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:14:40 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\",\n \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\",\n \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\",\n \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\",\n \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2117-1\");\n\n tag_insight = \"Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in\nthe Linux kernel. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error to\ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu\nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could\nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel\nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could\nexploit this flaw to cause a denial of service or host OS system crash.\n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the\nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user\ncould exploit this flaw to cause a denial of service (host OS crash).\n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the\nimplementation of the XFS filesystem in the Linux kernel. A local user with\nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory\ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of service\n(NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg\nsystemcalls when used with ISDN sockets in the Linux kernel. A local user\ncould explo ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux on Ubuntu 13.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2117-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2117-1/\");\n script_summary(\"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic\", ver:\"3.11.0-17.31\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic-lpae\", ver:\"3.11.0-17.31\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-11T17:43:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310841715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841715", "type": "openvas", "title": "Ubuntu Update for linux USN-2117-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2117-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841715\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:14:40 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4579\", \"CVE-2013-4587\", \"CVE-2013-6367\",\n \"CVE-2013-6368\", \"CVE-2013-6376\", \"CVE-2013-6382\", \"CVE-2013-6432\",\n \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2013-7266\",\n \"CVE-2013-7267\", \"CVE-2013-7268\", \"CVE-2013-7269\", \"CVE-2013-7270\",\n \"CVE-2013-7271\", \"CVE-2013-7281\", \"CVE-2014-1438\", \"CVE-2014-1446\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2117-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 13.10\");\n script_tag(name:\"insight\", value:\"Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in\nthe Linux kernel. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was\nhandling the BSSID masking. A remote attacker could exploit this error to\ndiscover the original MAC address after a spoofing attack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu\nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could\nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel\nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could\nexploit this flaw to cause a denial of service or host OS system crash.\n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine\n(KVM) VAPIC synchronization operation. A local user could exploit this flaw\nto gain privileges or cause a denial of service (system crash).\n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the\nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user\ncould exploit this flaw to cause a denial of service (host OS crash).\n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the\nimplementation of the XFS filesystem in the Linux kernel. A local user with\nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory\ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux\nkernel. A local user could exploit this flaw to cause a denial of service\n(NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg\nsystem calls in the Linux kernel. An unprivileged local user could exploit\nthis flaw to obtain sensitive information from kernel stack memory.\n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp)\nof the Linux kernel. A local user could exploit this flaw to obtain\nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in\nthe Linux kernel. A local user could exploit this flaw to obtain sensitive\ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg\nsystemcalls when used with ISDN sockets in the Linux kernel. A local user\ncould explo ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2117-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2117-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic\", ver:\"3.11.0-17.31\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.11.0-17-generic-lpae\", ver:\"3.11.0-17.31\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-23T13:09:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4345", "CVE-2013-2894", "CVE-2013-2896", "CVE-2013-2891", "CVE-2013-4254", "CVE-2013-2892", "CVE-2013-1059", "CVE-2013-2897", "CVE-2013-2232", "CVE-2013-4563", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4470", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2893"], "description": "Check for the Version of kernel", "modified": "2018-01-23T00:00:00", "published": "2013-11-26T00:00:00", "id": "OPENVAS:867089", "href": "http://plugins.openvas.org/nasl.php?oid=867089", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2013-21807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2013-21807\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867089);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 10:20:46 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4348\", \"CVE-2013-4470\", \"CVE-2013-4387\", \"CVE-2013-4345\", \"CVE-2013-4350\", \"CVE-2013-4343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2891\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2894\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-0343\", \"CVE-2013-4254\", \"CVE-2013-4125\", \"CVE-2013-2232\", \"CVE-2013-1059\", \"CVE-2013-2234\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for kernel FEDORA-2013-21807\");\n\n tag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\nLinux operating system. The kernel handles the basic functions\nof the operating system: memory allocation, process allocation, device\ninput and output, etc.\n\";\n\n tag_affected = \"kernel on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-21807\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122543.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.11.9~200.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-4345", "CVE-2013-2894", "CVE-2013-2896", "CVE-2013-2891", "CVE-2013-4254", "CVE-2013-2892", "CVE-2013-1059", "CVE-2013-2897", "CVE-2013-2232", "CVE-2013-4563", "CVE-2013-2899", "CVE-2013-4125", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4470", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2893"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-11-26T00:00:00", "id": "OPENVAS:1361412562310867089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867089", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2013-21807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2013-21807\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867089\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 10:20:46 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-4563\", \"CVE-2013-4348\", \"CVE-2013-4470\", \"CVE-2013-4387\", \"CVE-2013-4345\", \"CVE-2013-4350\", \"CVE-2013-4343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2891\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2894\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-0343\", \"CVE-2013-4254\", \"CVE-2013-4125\", \"CVE-2013-2232\", \"CVE-2013-1059\", \"CVE-2013-2234\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for kernel FEDORA-2013-21807\");\n\n\n script_tag(name:\"affected\", value:\"kernel on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-21807\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122543.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.11.9~200.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:41:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0038", "CVE-2013-6432", "CVE-2013-4511", "CVE-2013-6368", "CVE-2013-4563", "CVE-2013-6367", "CVE-2013-6376", "CVE-2013-4587"], "description": "The Linux Kernel was updated to version 3.11.10, fixing\n security issues and bugs:\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).\n\n - HID: usbhid: fix sis quirk (bnc#859804).\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes\n\n - HID: usbhid: quirk for Synaptics Quad HD touchscreen\n (bnc#859804).\n - HID: usbhid: quirk for Synaptics HD touchscreen\n (bnc#859804).\n - HID: usbhid: merge the sis quirk (bnc#859804).\n - HID: hid-multitouch: add support for SiS panels\n (bnc#859804).\n - HID: usbhid: quirk for SiS Touchscreen (bnc#859804).\n - HID: usbhid: quirk for Synaptics Large Touchccreen\n (bnc#859804).\n\n - drivers: net: cpsw: fix dt probe for one port ethernet.\n - drivers: net: cpsw: fix for cpsw crash when build as\n modules.\n - dma: edma: Remove limits on number of slots.\n - dma: edma: Leave linked to Null slot instead of DUMMY\n slot.\n - dma: edma: Find missed events and issue them.\n - dma: edma: Write out and handle MAX_NR_SG at a given time.\n - dma: edma: Setup parameters to DMA MAX_NR_SG at a time.\n - ARM: edma: Add function to manually trigger an EDMA\n channel.\n - ARM: edma: Fix clearing of unused list for DT DMA\n resources.\n\n - ACPI: Add Toshiba NB100 to Vista _OSI blacklist.\n - ACPI: add missing win8 OSI comment to blacklist\n (bnc#856294).\n - ACPI: update win8 OSI blacklist.\n - ACPI: blacklist win8 OSI for buggy laptops.\n - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A\n (bnc#856294).\n\n - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models\n (bnc#856294).\n\n - floppy: bail out in open() if drive is not responding to\n block0 read (bnc#773058).\n\n - ping: prevent NULL pointer dereference on write to\n msg_name (bnc#854175 CVE-2013-6432).\n\n - x86/dumpstack: Fix printk_address for direct addresses\n (bnc#845621).\n - Refresh patches.suse/stack-unwind.\n - Refresh patches.xen/xen-x86_64-dump-user-pgt.\n\n - KVM: x86: Convert vapic synchronization to _cached\n functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).\n\n - KVM: x86: fix guest-initiated crash with x2apic\n (CVE-2013-6376) (bnc#853053 CVE-2013-6376).\n\n - Build the KOTD against openSUSE:13.1:Update\n\n - xencons: generalize use of add_preferred_console()\n (bnc#733022, bnc#852652).\n - Update Xen patches to 3.11.10.\n - Rename patches.xen/xen-pcpu-hotplug to\n patches.xen/xen-pcpu.\n\n - KVM: x86: Fix potential divide by 0 in lapic\n (CVE-2013-6367) (bnc#853051 CVE-2013-6367).\n\n - KVM: Improve create VCPU parameter (CVE-2013-4587)\n (bnc#853050 CVE-2013-4587).\n\n - ipv6: fix headroom calculation in udp6_ufo_fragment\n (bnc#848042 CVE-2013-4563).\n\n - net: rework recvmsg handler msg_name and msg_namelen\n logic (bnc#854722).\n\n - patches.drivers/gpio-ucb1400-add-module_alias.patch:\n Update upstream reference\n -\n patches.drivers/gpio-ucb1400-can-be-built-as-a-module.patch:\n Update upstream reference\n\n - Delete patches.suse/ida-remove-warning-dump-stack.patch.\n Already included in kernel 3.11 (WARN calls dump_stack.)\n\n - xhci: Limit the spurious wakeup fix only to HP machines\n (bnc#852931).\n\n - iscsi_target: race condition on shutdown (bnc#850072).\n\n - Linux 3.11.10.\n - Refresh patches.xen/xen3-patch-2.6.29.\n - Delete\n patches.suse/btrfs-relocate-csums-properly-with-prealloc-ext\n ents.patch.\n\n -\n patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Haswel\n l.patch: (bnc#852931).\n\n - Build mei and mei_me as modules (bnc#852656)\n\n - Linux 3.11.9.\n\n - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).\n - Delete\n patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.\n - Delete\n patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pfn_ra\n nge-ca.patch.\n\n - Add USB PHY support (needed to get USB and Ethernet\n working on beagle and panda boards) Add\n CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at\n least for beagle and panda boards) Add ARM SoC sound\n support Add SPI bus support Add user-space access to I2C\n and SPI\n\n -\n patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-r\n emapping-warning.patch: Fix forward porting, sorry.\n\n - iommu: Remove stack trace from broken irq remapping\n warning (bnc#844513).\n\n - gpio: ucb1400: Add MODULE_ALIAS.\n\n - Allow NFSv4 username mapping to work properly\n (bnc#838024).\n\n - nfs: check if gssd is running before attempting to use\n krb5i auth in SETCLIENTID call.\n - sunrpc: replace sunrpc_net->gssd_running flag with a more\n reliable check.\n - sunrpc: create a new dummy pipe for gssd to hold open.\n\n - Set CONFIG_GPIO_TWL4030 as built-in (instead of module)\n as a requirement to boot on SD card on beagleboard xM\n\n - armv6hl, armv7hl: Update config files. Set\n CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration\n files have.\n\n - Update config files:\n * CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV\n options are all enabled so why not this one.\n * CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we\n support all other features of these pieces of hardware.\n * CONFIG_INTEL_POWERCLAMP=m, because this small driver\n might be useful in specific cases, and there's no\n obvious reason not to include it.\n\n - Fix a few incorrectly checked [io_]remap_pfn_range()\n calls (bnc#849021, CVE-2013-4511).\n - Linux 3.11.7.\n\n", "edition": 1, "modified": "2014-02-06T19:21:55", "published": "2014-02-06T19:21:55", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html", "id": "OPENSUSE-SU-2014:0205-1", "title": "kernel to 3.11.10 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-7339", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "description": "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in \nthe Linux kernel. A remote attacker could exploit this flaw to cause a \ndenial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the \nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user \ncould exploit this flaw to cause a denial of service (host OS crash). \n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux \nkernel. A local user could exploit this flaw to cause a denial of service \n(NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)", "edition": 5, "modified": "2014-02-18T00:00:00", "published": "2014-02-18T00:00:00", "id": "USN-2113-1", "href": "https://ubuntu.com/security/notices/USN-2113-1", "title": "Linux kernel (Saucy HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7270", "CVE-2013-7265", "CVE-2013-6432", "CVE-2013-7267", "CVE-2013-7266", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-6368", "CVE-2013-7339", "CVE-2013-6382", "CVE-2013-4563", "CVE-2013-4579", "CVE-2013-6367", "CVE-2013-7263", "CVE-2013-7269", "CVE-2013-6376", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-1438", "CVE-2013-7281", "CVE-2013-4587"], "description": "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in \nthe Linux kernel. A remote attacker could exploit this flaw to cause a \ndenial of service (panic). (CVE-2013-4563)\n\nMathy Vanhoef discovered an error in the the way the ath9k driver was \nhandling the BSSID masking. A remote attacker could exploit this error to \ndiscover the original MAC address after a spoofing atack. (CVE-2013-4579)\n\nAndrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu \nfunction of the Kernel Virtual Machine (KVM) subsystem. A local user could \nexploit this flaw to gain privileges on the host machine. (CVE-2013-4587)\n\nAndrew Honig reported a flaw in the apic_get_tmcct function of the Kernel \nVirtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could \nexploit this flaw to cause a denial of service or host OS system crash. \n(CVE-2013-6367)\n\nAndrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine \n(KVM) VAPIC synchronization operation. A local user could exploit this flaw \nto gain privileges or cause a denial of service (system crash). \n(CVE-2013-6368)\n\nLars Bull discovered a flaw in the recalculate_apic_map function of the \nKernel Virtual Machine (KVM) subsystem in the Linux kernel. A guest OS user \ncould exploit this flaw to cause a denial of service (host OS crash). \n(CVE-2013-6376)\n\nNico Golde and Fabian Yamaguchi reported buffer underflow errors in the \nimplementation of the XFS filesystem in the Linux kernel. A local user with \nCAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory \ncorruption) or possibly other unspecified issues. (CVE-2013-6382)\n\nA flaw was discovered in the ipv4 ping_recvmsg function of the Linux \nkernel. A local user could exploit this flaw to cause a denial of service \n(NULL pointer dereference and system crash). (CVE-2013-6432)\n\nmpd reported an information leak in the recvfrom, recvmmsg, and recvmsg \nsystem calls in the Linux kernel. An unprivileged local user could exploit \nthis flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7263)\n\nmpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) \nof the Linux kernel. A local user could exploit this flaw to obtain \nsensitive information from kernel stack memory. (CVE-2013-7264)\n\nmpb reported an information leak in the Phone Network protocol (phonet) in \nthe Linux kernel. A local user could exploit this flaw to obtain sensitive \ninformation from kernel stack memory. (CVE-2013-7265)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ISDN sockets in the Linux kernel. A local user \ncould exploit this leak to obtain potentially sensitive information from \nkernel memory. (CVE-2013-7266)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with apple talk sockets in the Linux kernel. A local \nuser could exploit this leak to obtain potentially sensitive information \nfrom kernel memory. (CVE-2013-7267)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with ipx protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7268)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with the netrom address family in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7269)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with packet address family sockets in the Linux \nkernel. A local user could exploit this leak to obtain potentially \nsensitive information from kernel memory. (CVE-2013-7270)\n\nAn information leak was discovered in the recvfrom, recvmmsg, and recvmsg \nsystemcalls when used with x25 protocol sockets in the Linux kernel. A \nlocal user could exploit this leak to obtain potentially sensitive \ninformation from kernel memory. (CVE-2013-7271)\n\nmpb reported an information leak in the Low-Rate Wireless Personal Area \nNetworks support (IEEE 802.15.4) in the Linux kernel. A local user could \nexploit this flaw to obtain sensitive information from kernel stack memory. \n(CVE-2013-7281)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel for systems that lack RDS transports. An \nunprivileged local user could exploit this flaw to cause a denial of \nservice (system crash). (CVE-2013-7339)\n\nhalfdog reported an error in the AMD K7 and K8 platform support in the \nLinux kernel. An unprivileged local user could exploit this flaw on AMD \nbased systems to cause a denial of service (task kill) or possibly gain \nprivileges via a crafted application. (CVE-2014-1438)\n\nAn information leak was discovered in the Linux kernel's hamradio YAM \ndriver for AX.25 packet radio. A local user with the CAP_NET_ADMIN \ncapability could exploit this flaw to obtain sensitive information from \nkernel memory. (CVE-2014-1446)", "edition": 5, "modified": "2014-02-18T00:00:00", "published": "2014-02-18T00:00:00", "id": "USN-2117-1", "href": "https://ubuntu.com/security/notices/USN-2117-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
