DATABASE RESOURCES PRICING ABOUT US

{"id": "FEDORA_2016-A159C484E4.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 22 : kernel (2016-a159c484e4)", "description": "The 4.4.9 update contains an number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-07-14T00:00:00", "modified": "2021-01-11T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/92133", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4482", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4581", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4486", "https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4"], "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "immutableFields": [], "lastseen": "2023-05-18T14:25:21", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-703"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-08-01"]}, {"type": "centos", "idList": ["CESA-2016:2574"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978", "CFOUNDRY:96E3A8B8A251E08132E367B0C5BCD522"]}, {"type": "cve", "idList": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"]}, {"type": "debian", "idList": ["DEBIAN:DLA-516-1:B66B7", "DEBIAN:DSA-3607-1:0BD6E", "DEBIAN:DSA-3607-1:29E1C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-4482", "DEBIANCVE:CVE-2016-4485", "DEBIANCVE:CVE-2016-4486", "DEBIANCVE:CVE-2016-4581"]}, {"type": "exploitdb", "idList": ["EDB-ID:46006"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:5A579BB0C6565F601142E5641AED86AB"]}, {"type": "f5", "idList": ["F5:K85332020"]}, {"type": "fedora", "idList": ["FEDORA:0A72361F0A0B", "FEDORA:16FBC6173444", "FEDORA:3AFA661CD89C", "FEDORA:3BDA3607A1A6", "FEDORA:92F7160874F1"]}, {"type": "ibm", "idList": ["2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "B7EDA2450D13E204B60C3A3E7379E6FCCD587CB32FEB5041ADDA6CB8E3C44FC3", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-703.NASL", "CENTOS_RHSA-2016-2574.NASL", "DEBIAN_DLA-516.NASL", "DEBIAN_DSA-3607.NASL", "EULEROS_SA-2019-1492.NASL", "EULEROS_SA-2019-1494.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1520.NASL", "EULEROS_SA-2019-1534.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2021-2857.NASL", "FEDORA_2016-06F1572324.NASL", "FEDORA_2016-4CE97823AF.NASL", "FEDORA_2016-7D900003E6.NASL", "FEDORA_2016-EF973EFAB7.NASL", "OPENSUSE-2016-1015.NASL", "OPENSUSE-2016-1029.NASL", "OPENSUSE-2016-1076.NASL", "OPENSUSE-2016-753.NASL", "OPENSUSE-2016-862.NASL", "ORACLELINUX_ELSA-2016-2574.NASL", "ORACLELINUX_ELSA-2016-3596.NASL", "ORACLELINUX_ELSA-2017-3514.NASL", "ORACLELINUX_ELSA-2017-3515.NASL", "ORACLELINUX_ELSA-2017-3516.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLEVM_OVMSA-2016-0100.NASL", "ORACLEVM_OVMSA-2017-0039.NASL", "ORACLEVM_OVMSA-2017-0040.NASL", "ORACLEVM_OVMSA-2017-0041.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "REDHAT-RHSA-2016-2574.NASL", "REDHAT-RHSA-2016-2584.NASL", "SL_20161103_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2016-1672-1.NASL", "SUSE_SU-2016-1690-1.NASL", "SUSE_SU-2016-1696-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-2105-1.NASL", "SUSE_SU-2016-2245-1.NASL", "SUSE_SU-2017-0333-1.NASL", "UBUNTU_USN-2989-1.NASL", "UBUNTU_USN-2996-1.NASL", "UBUNTU_USN-2998-1.NASL", "UBUNTU_USN-3000-1.NASL", "UBUNTU_USN-3001-1.NASL", "UBUNTU_USN-3002-1.NASL", "UBUNTU_USN-3003-1.NASL", "UBUNTU_USN-3004-1.NASL", "UBUNTU_USN-3005-1.NASL", "UBUNTU_USN-3006-1.NASL", "UBUNTU_USN-3007-1.NASL", "UBUNTU_USN-3016-1.NASL", "UBUNTU_USN-3016-2.NASL", "UBUNTU_USN-3016-3.NASL", "UBUNTU_USN-3016-4.NASL", "UBUNTU_USN-3017-1.NASL", "UBUNTU_USN-3017-2.NASL", "UBUNTU_USN-3017-3.NASL", "UBUNTU_USN-3018-1.NASL", "UBUNTU_USN-3018-2.NASL", "UBUNTU_USN-3019-1.NASL", "UBUNTU_USN-3020-1.NASL", "UBUNTU_USN-3021-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120692", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310808012", "OPENVAS:1361412562310808319", "OPENVAS:1361412562310808336", "OPENVAS:1361412562310808353", "OPENVAS:1361412562310808414", "OPENVAS:1361412562310842779", "OPENVAS:1361412562310842786", "OPENVAS:1361412562310842787", "OPENVAS:1361412562310842788", "OPENVAS:1361412562310842790", "OPENVAS:1361412562310842791", "OPENVAS:1361412562310842792", "OPENVAS:1361412562310842793", "OPENVAS:1361412562310842794", "OPENVAS:1361412562310842795", "OPENVAS:1361412562310842796", "OPENVAS:1361412562310842797", "OPENVAS:1361412562310842805", "OPENVAS:1361412562310842806", "OPENVAS:1361412562310842807", "OPENVAS:1361412562310842808", "OPENVAS:1361412562310842809", "OPENVAS:1361412562310842810", "OPENVAS:1361412562310842811", "OPENVAS:1361412562310842812", "OPENVAS:1361412562310842813", "OPENVAS:1361412562310842814", "OPENVAS:1361412562310842815", "OPENVAS:1361412562310842816", "OPENVAS:1361412562310842817", "OPENVAS:1361412562310851349", "OPENVAS:1361412562310851358", "OPENVAS:1361412562310851386", "OPENVAS:1361412562310851388", "OPENVAS:1361412562310851390", "OPENVAS:1361412562310871708", "OPENVAS:1361412562311220191492", "OPENVAS:1361412562311220191494", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191520", "OPENVAS:1361412562311220191534", "OPENVAS:1361412562311220192531", "OPENVAS:703607"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2574", "ELSA-2016-3596", "ELSA-2017-3514", "ELSA-2017-3515", "ELSA-2017-3516", "ELSA-2017-3534", "ELSA-2017-3567"]}, {"type": "osv", "idList": ["OSV:DLA-516-1", "OSV:DSA-3607-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150840"]}, {"type": "photon", "idList": ["PHSA-2016-0007"]}, {"type": "redhat", "idList": ["RHSA-2016:2574", "RHSA-2016:2584"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-4485", "RH:CVE-2016-4486", "RH:CVE-2016-4581"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1641-1", "OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2184-1", "OPENSUSE-SU-2016:2290-1", "OPENSUSE-SU-2016:2649-1", "SUSE-SU-2016:1672-1", "SUSE-SU-2016:1690-1", "SUSE-SU-2016:1696-1", "SUSE-SU-2016:1937-1", "SUSE-SU-2016:1985-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:2105-1", "SUSE-SU-2016:2245-1", "SUSE-SU-2017:0333-1"]}, {"type": "ubuntu", "idList": ["USN-2989-1", "USN-2996-1", "USN-2997-1", "USN-2998-1", "USN-3000-1", "USN-3001-1", "USN-3002-1", "USN-3003-1", "USN-3004-1", "USN-3005-1", "USN-3006-1", "USN-3007-1", "USN-3016-1", "USN-3016-2", "USN-3016-3", "USN-3016-4", "USN-3017-1", "USN-3017-2", "USN-3017-3", "USN-3018-1", "USN-3018-2", "USN-3019-1", "USN-3020-1", "USN-3021-1", "USN-3021-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-4482", "UB:CVE-2016-4485", "UB:CVE-2016-4486", "UB:CVE-2016-4581"]}, {"type": "zdt", "idList": ["1337DAY-ID-31822"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2016-703"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-08-01"]}, {"type": "centos", "idList": ["CESA-2016:2574"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978"]}, {"type": "cve", "idList": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"]}, {"type": "debian", "idList": ["DEBIAN:DLA-516-1:B66B7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-4482", "DEBIANCVE:CVE-2016-4485", "DEBIANCVE:CVE-2016-4486", "DEBIANCVE:CVE-2016-4581"]}, {"type": "exploitdb", "idList": ["EDB-ID:46006"]}, {"type": "fedora", "idList": ["FEDORA:0A72361F0A0B"]}, {"type": "ibm", "idList": ["2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF"]}, {"type": "nessus", "idList": ["FEDORA_2016-06F1572324.NASL", "FEDORA_2016-4CE97823AF.NASL", "FEDORA_2016-7D900003E6.NASL", "FEDORA_2016-EF973EFAB7.NASL", "LINUX_ALT_PATCH_DETECT.NASL", "ORACLEVM_OVMSA-2017-0040.NASL", "UBUNTU_USN-3016-1.NASL", "UBUNTU_USN-3017-1.NASL", "UBUNTU_USN-3018-1.NASL", "UBUNTU_USN-3021-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703607", "OPENVAS:1361412562310842791", "OPENVAS:1361412562310842795"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3514"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150840"]}, {"type": "photon", "idList": ["PHSA-2016-0007"]}, {"type": "redhat", "idList": ["RHSA-2016:2584"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-4581"]}, {"type": "suse", "idList": ["SUSE-SU-2016:2074-1"]}, {"type": "ubuntu", "idList": ["USN-3017-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-4482"]}, {"type": "zdt", "idList": ["1337DAY-ID-31822"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-4482", "epss": 0.00094, "percentile": 0.38654, "modified": "2023-05-03"}, {"cve": "CVE-2016-4485", "epss": 0.00514, "percentile": 0.7322, "modified": "2023-05-02"}, {"cve": "CVE-2016-4486", "epss": 0.00044, "percentile": 0.085, "modified": "2023-05-02"}, {"cve": "CVE-2016-4581", "epss": 0.00044, "percentile": 0.08281, "modified": "2023-05-02"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1684429129, "score": 1684420145, "epss": 0}, "_internal": {"score_hash": "50e2ef3c4926eefdf950c71f98bfcdc4"}, "pluginID": "92133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a159c484e4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92133);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"FEDORA\", value:\"2016-a159c484e4\");\n\n script_name(english:\"Fedora 22 : kernel (2016-a159c484e4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.4.9 update contains an number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-a159c484e4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.4.9-200.fc22\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:22"], "solution": "Update the affected kernel package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2016-05-16T00:00:00", "vulnerabilityPublicationDate": "2016-05-23T00:00:00", "exploitableWith": []}

{"fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-16T14:56:10", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.4.9-200.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2016-05-16T14:56:10", "id": "FEDORA:16FBC6173444", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EXUBEDCHC3X4UZZSJYZWASEA6EDDRWGA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-14T23:33:19", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.5.4-300.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581"], "modified": "2016-05-14T23:33:19", "id": "FEDORA:3BDA3607A1A6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HPCQ5RJB72AYCRLNP3WS5GEP5BU3HS3C/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-12T07:33:17", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.4.9-300.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482"], "modified": "2016-05-12T07:33:17", "id": "FEDORA:3AFA661CD89C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MADUBXU373P66TKT4AFO6S7CI643337E/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-08T10:31:39", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.5.3-300.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482"], "modified": "2016-05-08T10:31:39", "id": "FEDORA:92F7160874F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O4HIRAPO7PVVPXSIA4BXKOETXSFNQBK5/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-02T15:04:03", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.5.5-201.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0758", "CVE-2016-3713", "CVE-2016-4440", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581", "CVE-2016-4913"], "modified": "2016-06-02T15:04:03", "id": "FEDORA:0A72361F0A0B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LO4QW3EVM74ZTHMT4PLBBCB2IU6322L2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-a159c484e4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-4486", "CVE-2016-4485", "CVE-2016-4482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-a159c484e4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808319\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:39:56 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4482\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-a159c484e4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a159c484e4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXUBEDCHC3X4UZZSJYZWASEA6EDDRWGA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.9~200.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-ef973efab7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-ef973efab7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808414\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:40:38 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4569\", \"CVE-2016-4558\", \"CVE-2016-4557\", \"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-ef973efab7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ef973efab7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPCQ5RJB72AYCRLNP3WS5GEP5BU3HS3C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.4~300.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:55:38", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-703)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4557", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4565"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120692", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120692\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:09 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-703)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Linux kernel. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-703.html\");\n script_cve_id(\"CVE-2016-4557\", \"CVE-2016-3961\", \"CVE-2016-4581\", \"CVE-2016-4486\", \"CVE-2016-4485\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-0758\", \"CVE-2015-8839\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-devel\", rpm:\"kernel-tools-devel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808012", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808012\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:18:01 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2016-4482\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.3~300.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-7d900003e6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-7d900003e6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808353\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:44:56 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4482\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-7d900003e6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-7d900003e6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MADUBXU373P66TKT4AFO6S7CI643337E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.9~300.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3005-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3005-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842794\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:17 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3005-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3005-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3005-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic-lpae\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-lowlatency\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-e500mc\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-smp\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-emb\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-smp\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2989-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842779", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2989-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842779\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-02 05:21:18 +0200 (Thu, 02 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\",\n \t\t\"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\",\n\t\t\"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2989-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros\n L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O.\n A remote attacker could use this to obtain potentially sensitive information from\n kernel memory. (CVE-2016-2117)\n\n Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\n over wifi device drivers in the Linux kernel. A remote attacker could use\n this to cause a denial of service (system crash) or obtain potentially\n sensitive information from kernel memory. (CVE-2015-4004)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\n device driver did not properly validate endpoint descriptors. An attacker\n with physical access could use this to cause a denial of service (system\n crash). (CVE-2016-2187)\n\n Hector Marco and Ismael Ripoll discovered that the Linux kernel would\n improperly disable Address Space Layout Randomization (ASLR) for x86\n processes running in 32 bit mode if stack-consumption resource limits were\n disabled. A local attacker could use this to make it easier to exploit an\n existing vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\n Andrey Konovalov discovered that the CDC Network Control Model USB driver\n in the Linux kernel did not cancel work events queued if a later error\n occurred, resulting in a use-after-free. An attacker with physical access\n could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\n It was discovered that an out-of-bounds write could occur when handling\n incoming packets in the USB/IP implementation in the Linux kernel. A remote\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2016-3955)\n\n Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\n Support implementations in the Linux kernel. A local attacker could use\n this to obtain potentially sensitive information from kernel memory.\n (CVE-2016-4485)\n\n Kangjie Lu discovered an information leak in the routing netlink socket\n interface (rtnetlink) implementation in the Linux kernel. A local attacker\n could use this to obtain potentially sensitive information from kernel\n memory. (CVE-2016-4486)\n\n It was discovered that in some situations the Linux kernel did not handle\n propagated mounts correctly. A local unprivileged attacker could use this\n to cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2989-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2989-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic-lpae\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-lowlatency\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500mc\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-emb\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3006-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3006-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842790\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:12 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3006-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3006-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3006-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic-lpae\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-lowlatency\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-e500mc\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-smp\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-emb\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-smp\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-06f1572324", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4440", "CVE-2016-3713"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-06f1572324\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808336\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:47:54 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4913\", \"CVE-2016-4440\", \"CVE-2016-4569\", \"CVE-2016-4558\", \"CVE-2016-4557\", \"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-06f1572324\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-06f1572324\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LO4QW3EVM74ZTHMT4PLBBCB2IU6322L2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.5~201.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3007-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3007-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842786\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:29 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3007-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3007-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3007-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1012-raspi2\", ver:\"4.4.0-1012.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2998-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842797", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2998-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842797\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:28:01 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2998-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kerne ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2998-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2998-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic-lpae\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-3002-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-wily USN-3002-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842788\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:57 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-wily USN-3002-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-wily'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncou ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-wily on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3002-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3002-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic-lpae\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-lowlatency\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-e500mc\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-smp\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-emb\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-smp\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3004-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3004-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842787\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:42 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3004-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3004-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3004-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-1031-raspi2\", ver:\"4.2.0-1031.41\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3003-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3003-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842791\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:24 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3003-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3003-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3003-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic-lpae\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-lowlatency\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-e500mc\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-smp\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-emb\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-smp\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-3001-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-3001-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842796\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:47 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-3001-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\nco ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3001-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3001-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic-lpae\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-lowlatency\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-e500mc\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-emb\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1641-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-4557", "CVE-2016-4951", "CVE-2016-4486", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-3134"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851349", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851349\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-22 05:29:14 +0200 (Wed, 22 Jun 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\",\n \"CVE-2016-3134\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4565\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\",\n \"CVE-2016-4805\", \"CVE-2016-4951\", \"CVE-2016-5244\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1641-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allows local users to\n cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface. (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash,\n or spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in\n the Linux kernel did not verify socket existence, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a dumpit\n operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in function\n rds_inc_info_copy of file net/rds/recv.c was fixed that might have\n leaked kernel stack data. (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory via an X.25 Call\n Request. (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1641-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-3000-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-3689", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3140", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-3000-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842793\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:00 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-3000-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nMCT USB RS232 Converter device driver in the Linux kernel did not properly\nvalidate USB device descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nCypress M8 USB device driver in the Linux kernel did not properly validate\nUSB device descriptors. An attacker with physical access could use this to\ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nLinux kernel's USB driver for Digi AccelePort serial converters did not\nproperly validate USB device descriptors. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger\nControl Unit devices did not properly validate the device's interfaces. An\nattacker with physical access could use this to cause a denial of service\n(system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CD ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3000-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3000-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-generic\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-generic-lpae\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-lowlatency\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc-e500mc\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc-smp\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc64-emb\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc64-smp\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:05", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140 \nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning \nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237 \nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nCVE-2016-1583 \nJann Horn of Google Project Zero reported that the eCryptfs\nfilesystem could be used together with the proc filesystem to\ncause a kernel stack overflow. If the ecryptfs-utils package is\ninstalled, local users could exploit this, via the\nmount.ecryptfs_private program, for denial of service (crash) or\npossibly for privilege escalation.\n\nCVE-2016-2117 \nJustin Yackoski of Cryptonite discovered that the Atheros L2\nethernet driver incorrectly enables scatter/gather I/O. A remote\nattacker could take advantage of this flaw to obtain potentially\nsensitive information from kernel memory.\n\nCVE-2016-2143 \nMarcin Koscielnicki discovered that the fork implementation in the\nLinux kernel on s390 platforms mishandles the case of four\npage-table levels, which allows local users to cause a denial of\nservice (system crash).\n\nCVE-2016-3070 \nJan Stancek of Red Hat discovered a local denial of service\nvulnerability in AIO handling.\n\nCVE-2016-3134 \nThe Google Project Zero team found that the netfilter subsystem does\nnot sufficiently validate filter table entries. A user with the\nCAP_NET_ADMIN capability could use this for denial of service\n(crash) or possibly for privilege escalation. Debian disables\nunprivileged user namespaces by default, if locally enabled with the\nkernel.unprivileged_userns_clone sysctl, this allows privilege\nescalation.\n\nCVE-2016-3156 \nSolar Designer discovered that the IPv4 implementation in the Linux\nkernel did not perform the destruction of inet device objects\nproperly. An attacker in a guest OS could use this to cause a denial\nof service (networking outage) in the host OS.\n\nCVE-2016-3157 /\nXSA-171\n\nAndy Lutomirski discovered that the x86_64 (amd64) task switching\nimplementation did not correctly update the I/O permission level\nwhen running as a Xen paravirtual (PV) guest. In some\nconfigurations this would allow local users to cause a denial of\nservice (crash) or to escalate their privileges within the guest.\n\nCVE-2016-3672 \nHector Marco and Ismael Ripoll noted that it was possible to disable\nAddress Space Layout Randomisation (ASLR) for x86_32 (i386) programs\nby removing the stack resource limit. This made it easier for local\nusers to exploit security flaws in programs that have the setuid or\nsetgid flag set.\n\nCVE-2016-3951 \nIt was discovered that the cdc_ncm driver would free memory\nprematurely if certain errors occurred during its initialisation.\nThis allowed a physically present user with a specially designed\nUSB device to cause a denial of service (crash) or possibly to\nescalate their privileges.\n\nCVE-2016-3955 \nIgnat Korchagin reported that the usbip subsystem did not check\nthe length of data received for a USB buffer. This allowed denial\nof service (crash) or privilege escalation on a system configured\nas a usbip client, by the usbip server or by an attacker able to\nimpersonate it over the network. A system configured as a usbip\nserver might be similarly vulnerable to physically present users.\n\nCVE-2016-3961 /\nXSA-174\n\nVitaly Kuznetsov of Red Hat discovered that Linux allowed the use of\nhugetlbfs on x86 (i386 and amd64) systems even when running as a Xen\nparavirtualised (PV) guest, although Xen does not support huge\npages. This allowed users with access to /dev/hugepages to cause a\ndenial of service (crash) in the guest.\n\nCVE-2016-4470 \nDavid Howells of Red Hat discovered that a local user can trigger a\nflaw in the Linux kernel", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3607-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703607", "href": "http://plugins.openvas.org/nasl.php?oid=703607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3607.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3607-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703607);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-7515\", \"CVE-2016-0821\", \"CVE-2016-1237\", \"CVE-2016-1583\",\n \"CVE-2016-2117\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-3070\", \"CVE-2016-3134\",\n \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\",\n \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3951\",\n \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\",\n \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5243\",\n \"CVE-2016-5244\");\n script_name(\"Debian Security Advisory DSA 3607-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-28 00:00:00 +0200 (Tue, 28 Jun 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3607.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140 \nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning \nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237 \nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nCVE-2016-1583 \nJann Horn of Google Project Zero reported that the eCryptfs\nfilesystem could be used together with the proc filesystem to\ncause a kernel stack overflow. If the ecryptfs-utils package is\ninstalled, local users could exploit this, via the\nmount.ecryptfs_private program, for denial of service (crash) or\npossibly for privilege escalation.\n\nCVE-2016-2117 \nJustin Yackoski of Cryptonite discovered that the Atheros L2\nethernet driver incorrectly enables scatter/gather I/O. A remote\nattacker could take advantage of this flaw to obtain potentially\nsensitive information from kernel memory.\n\nCVE-2016-2143 \nMarcin Koscielnicki discovered that the fork implementation in the\nLinux kernel on s390 platforms mishandles the case of four\npage-table levels, which allows local users to cause a denial of\nservice (system crash).\n\nCVE-2016-3070 \nJan Stancek of Red Hat discovered a local denial of service\nvulnerability in AIO handling.\n\nCVE-2016-3134 \nThe Google Project Zero team found that the netfilter subsystem does\nnot sufficiently validate filter table entries. A user with the\nCAP_NET_ADMIN capability could use this for denial of service\n(crash) or possibly for privilege escalation. Debian disables\nunprivileged user namespaces by default, if locally enabled with the\nkernel.unprivileged_userns_clone sysctl, this allows privilege\nescalation.\n\nCVE-2016-3156 \nSolar Designer discovered that the IPv4 implementation in the Linux\nkernel did not perform the destruction of inet device objects\nproperly. An attacker in a guest OS could use this to cause a denial\nof service (networking outage) in the host OS.\n\nCVE-2016-3157 /\nXSA-171\n\nAndy Lutomirski discovered that the x86_64 (amd64) task switching\nimplementation did not correctly update the I/O permission level\nwhen running as a Xen paravirtual (PV) guest. In some\nconfigurations this would allow local users to cause a denial of\nservice (crash) or to escalate their privileges within the guest.\n\nCVE-2016-3672 \nHector Marco and Ismael Ripoll noted that it was possible to disable\nAddress Space Layout Randomisation (ASLR) for x86_32 (i386) programs\nby removing the stack resource limit. This made it easier for local\nusers to exploit security flaws in programs that have the setuid or\nsetgid flag set.\n\nCVE-2016-3951 \nIt was discovered that the cdc_ncm driver would free memory\nprematurely if certain errors occurred during its initialisation.\nThis allowed a physically present user with a specially designed\nUSB device to cause a denial of service (crash) or possibly to\nescalate their privileges.\n\nCVE-2016-3955 \nIgnat Korchagin reported that the usbip subsystem did not check\nthe length of data received for a USB buffer. This allowed denial\nof service (crash) or privilege escalation on a system configured\nas a usbip client, by the usbip server or by an attacker able to\nimpersonate it over the network. A system configured as a usbip\nserver might be similarly vulnerable to physically present users.\n\nCVE-2016-3961 /\nXSA-174\n\nVitaly Kuznetsov of Red Hat discovered that Linux allowed the use of\nhugetlbfs on x86 (i386 and amd64) systems even when running as a Xen\nparavirtualised (PV) guest, although Xen does not support huge\npages. This allowed users with access to /dev/hugepages to cause a\ndenial of service (crash) in the guest.\n\nCVE-2016-4470 \nDavid Howells of Red Hat discovered that a local user can trigger a\nflaw in the Linux kernel's handling of key lookups in the keychain\nsubsystem, leading to a denial of service (crash) or possibly to\nprivilege escalation.\n\nCVE-2016-4482,\nCVE-2016-4485,\nCVE-2016-4486,\nCVE-2016-4569,\nCVE-2016-4578,\nCVE-2016-4580,\nCVE-2016-5243,\nCVE-2016-5244 \nKangjie Lu reported that the USB devio, llc, rtnetlink, ALSA\ntimer, x25, tipc, and rds facilities leaked information from the\nkernel stack.\n\nCVE-2016-4565 \nJann Horn of Google Project Zero reported that various components\nin the InfiniBand stack implemented unusual semantics for the\nwrite() operation. On a system with InfiniBand drivers loaded,\nlocal users could use this for denial of service or privilege\nescalation.\n\nCVE-2016-4581 \nTycho Andersen discovered that in some situations the Linux kernel\ndid not handle propagated mounts correctly. A local user can take\nadvantage of this flaw to cause a denial of service (system crash).\n\nCVE-2016-4805 \nBaozeng Ding discovered a use-after-free in the generic PPP layer in\nthe Linux kernel. A local user can take advantage of this flaw to\ncause a denial of service (system crash), or potentially escalate\ntheir privileges.\n\nCVE-2016-4913 \nAl Viro found that the ISO9660 filesystem implementation did not\ncorrectly count the length of certain invalid name entries.\nReading a directory containing such name entries would leak\ninformation from kernel memory. Users permitted to mount disks or\ndisk images could use this to obtain sensitive information.\n\nCVE-2016-4997 /\nCVE-2016-4998 \nJesse Hertz and Tim Newsham discovered that missing input sanitising\nin Netfilter socket handling may result in denial of service. Debian\ndisables unprivileged user namespaces by default, if locally enabled\nwith the kernel.unprivileged_userns_clone sysctl, this also allows\nprivilege escalation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:21", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140\nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning\nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237\nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3607-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3607.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3607-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703607\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7515\", \"CVE-2016-0821\", \"CVE-2016-1237\", \"CVE-2016-1583\",\n \"CVE-2016-2117\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-3070\", \"CVE-2016-3134\",\n \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\",\n \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3951\",\n \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\",\n \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5243\",\n \"CVE-2016-5244\");\n script_name(\"Debian Security Advisory DSA 3607-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 00:00:00 +0200 (Tue, 28 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3607.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140\nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning\nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237\nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2996-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-2184", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2185", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-2188"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842792", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2996-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842792\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:39 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-1583\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2996-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nRalf Spenneberg discovered that the USB sound subsystem in the Linux kernel\ndid not properly validate USB device descriptors. An attacker with physical\naccess could use this to cause a denial of service (system crash).\n(CVE-2016-2184)\n\nRalf Spenneberg discovered that the ATI Wonder Remote II USB driver in the\nLinux kernel did not properly validate USB device descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2185)\n\nRalf Spenneberg discovered that the PowerMate USB driver in the Linux\nkernel did not properly validate USB device descriptors. An attacker with\nphysical access could use this to cause a denial of service (system crash).\n(CVE-2016-2186)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nRalf Spenneberg discovered that the I/O-Warrior USB device driver in the\nLinux kernel did not properly validate USB device descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2188)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nMCT USB RS232 Converter device driver in the Linux kernel did not properly\nvalidate USB device descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nCypress M8 USB device driver in the Linux kernel did not properly validate\nUSB device descriptors. An attacker with physical access could use this to\ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nUSB abstract device control driver for modems and ISDN adapters did not\nvalidate endpoint descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3138)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nLinux kernel's USB driver for Digi AccelePort serial converters did not\nproperly validate USB device descriptors. An attacker with physical acc ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2996-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2996-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-generic\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-generic-pae\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-highbank\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-omap\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-powerpc-smp\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-powerpc64-smp\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-104-virtual\", ver:\"3.2.0-104.145\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2997-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-2184", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2185", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-2188"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842795", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2997-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842795\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:28 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-1583\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2997-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nRalf Spenneberg discovered that the USB sound subsystem in the Linux kernel\ndid not properly validate USB device descriptors. An attacker with physical\naccess could use this to cause a denial of service (system crash).\n(CVE-2016-2184)\n\nRalf Spenneberg discovered that the ATI Wonder Remote II USB driver in the\nLinux kernel did not properly validate USB device descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2185)\n\nRalf Spenneberg discovered that the PowerMate USB driver in the Linux\nkernel did not properly validate USB device descriptors. An attacker with\nphysical access could use this to cause a denial of service (system crash).\n(CVE-2016-2186)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nRalf Spenneberg discovered that the I/O-Warrior USB device driver in the\nLinux kernel did not properly validate USB device descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2188)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nMCT USB RS232 Converter device driver in the Linux kernel did not properly\nvalidate USB device descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nCypress M8 USB device driver in the Linux kernel did not properly validate\nUSB device descriptors. An attacker with physical access could use this to\ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nUSB abstract device control driver for modems and ISDN adapters did not\nvalidate endpoint descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3138)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nLinux kernel's USB driver for Digi AccelePort serial converters did not\nproperly validate USB device descriptors. An attacker with phy ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2997-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2997-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1482-omap4\", ver:\"3.2.0-1482.109\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:55:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2290-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8787", "CVE-2016-6480", "CVE-2016-4557", "CVE-2016-4951", "CVE-2016-2847", "CVE-2016-5696", "CVE-2016-4486", "CVE-2016-3156", "CVE-2016-4569", "CVE-2016-6828", "CVE-2016-4485", "CVE-2016-1237", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-4580", "CVE-2016-4998", "CVE-2003-1604", "CVE-2016-3134"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851390", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851390\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-09-13 05:46:53 +0200 (Tue, 13 Sep 2016)\");\n script_cve_id(\"CVE-2015-8787\", \"CVE-2016-1237\", \"CVE-2016-2847\", \"CVE-2016-3134\",\n \"CVE-2016-3156\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\",\n \"CVE-2016-4951\", \"CVE-2016-4998\", \"CVE-2016-5696\", \"CVE-2016-6480\",\n \"CVE-2016-6828\", \"CVE-2003-1604\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2290-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of\n unread data in pipes, which allowed local users to cause a denial of\n service (memory consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled\n destruction of device objects, which allowed guest OS users to cause a\n denial of service (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the\n Linux kernel did not initialize a certain data structure, which allowed\n attackers to obtain sensitive information from kernel stack memory by\n reading a message (bnc#978821).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4557: The replace_map_fd_with_map_ptr function in\n kernel/bpf/verifier.c in the Linux kernel did not properly maintain an\n fd data structure, which allowed local users to gain privileges or cause\n a denial of service (use-after-free) via crafted BPF instructions that\n reference an incorrect file descriptor (bnc#979018).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in\n the Linux kernel did not verify socket existence, which allowed local\n users to cause a denial of service (NULL pointer derefe ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2290-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pv\", rpm:\"hdjmod-kmp-pv~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pv-debuginfo\", rpm:\"hdjmod-kmp-pv-debuginfo~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.25.1~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.25.1~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.25.1~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.25.1~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pv\", rpm:\"ipset-kmp-pv~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pv-debuginfo\", rpm:\"ipset-kmp-pv-debuginfo~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.31~30.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.31~30.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.25.1~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.25.1~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k4.1.31_30~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k4.1.31_30~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pv\", rpm:\"pcfclock-kmp-pv~0.44_k4.1.31_30~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pv-debuginfo\", rpm:\"pcfclock-kmp-pv-debuginfo~0.44_k4.1.31_30~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20140928~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pv-\", rpm:\"vhba-kmp-pv~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pv-debuginfo-\", rpm:\"vhba-kmp-pv-debuginfo~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd\", rpm:\"drbd~8.4.6~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-debugsource\", rpm:\"drbd-debugsource~8.4.6~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-kmp-default\", rpm:\"drbd-kmp-default~8.4.6_k4.1.31_30~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-kmp-default-debuginfo\", rpm:\"drbd-kmp-default-debuginfo~8.4.6_k4.1.31_30~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-kmp-pv\", rpm:\"drbd-kmp-pv~8.4.6_k4.1.31_30~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-kmp-pv-debuginfo\", rpm:\"drbd-kmp-pv-debuginfo~8.4.6_k4.1.31_30~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-kmp-xen\", rpm:\"drbd-kmp-xen~8.4.6_k4.1.31_30~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"drbd-kmp-xen-debuginfo\", rpm:\"drbd-kmp-xen-debuginfo~8.4.6_k4.1.31_30~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lttng-modules\", rpm:\"lttng-modules~2.7.0~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lttng-modules-debugsource\", rpm:\"lttng-modules-debugsource~2.7.0~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lttng-modules-kmp-default\", rpm:\"lttng-modules-kmp-default~2.7.0_k4.1.31_30~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lttng-modules-kmp-default-debuginfo\", rpm:\"lttng-modules-kmp-default-debuginfo~2.7.0_k4.1.31_30~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lttng-modules-kmp-pv\", rpm:\"lttng-modules-kmp-pv~2.7.0_k4.1.31_30~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lttng-modules-kmp-pv-debuginfo\", rpm:\"lttng-modules-kmp-pv-debuginfo~2.7.0_k4.1.31_30~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.31~30.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.31~30.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.31~30.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.31~30.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.31~30.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k4.1.31_30~24.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.25.1_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k4.1.31_30~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k4.1.31_30~266.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20140928_k4.1.31_30~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3016-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842809", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3016-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842809\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:19 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n\t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3016-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered that\n the Linux netfilter implementation did not correctly perform validation when\n handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A\n local unprivileged attacker could use this to cause a denial of service (system\n crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3016-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3016-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1016-raspi2\", ver:\"4.4.0-1016.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-3021-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4569", "CVE-2016-3951", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-4565", "CVE-2016-4580"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842814", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-3021-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842814\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:26:02 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n\t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-3021-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Andrey Konovalov discovered that the CDC\n Network Control Model USB driver in the Linux kernel did not cancel work events\n queued if a later error occurred, resulting in a use-after-free. An attacker\n with physical access could use this to cause a denial of service (system crash).\n (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3021-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3021-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1483-omap4\", ver:\"3.2.0-1483.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3017-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842806", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3017-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842806\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:24:53 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n\t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3017-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered\n that the Linux netfilter implementation did not correctly perform validation\n when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit\n platforms. A local unprivileged attacker could use this to cause a denial\n of service (system crash) or execute arbitrary code with administrative\n privileges. (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3017-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3017-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-generic\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-generic-lpae\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-lowlatency\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc-e500mc\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc-smp\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc64-emb\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc64-smp\", ver:\"4.2.0-41.48\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3016-4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3016-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842811\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:36 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n \t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3016-4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3016-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS.\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling 32 bit\ncompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local\nunprivileged attacker could use this to cause a denial of service (system\ncrash) or execute arbitrary code with administrative privileges.\n(CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3016-4\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3016-4/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-generic\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-generic-lpae\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-lowlatency\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc-e500mc\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc-smp\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc64-emb\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc64-smp\", ver:\"4.4.0-28.47~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3021-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4569", "CVE-2016-3951", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-4565", "CVE-2016-4580"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842816", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3021-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842816\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:26:20 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n \t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3021-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Andrey Konovalov discovered that the CDC\n Network Control Model USB driver in the Linux kernel did not cancel work events\n queued if a later error occurred, resulting in a use-after-free. An attacker with\n physical access could use this to cause a denial of service (system crash).\n (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3021-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3021-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-generic\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-generic-pae\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-highbank\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-omap\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-powerpc-smp\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-powerpc64-smp\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-virtual\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3017-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842817", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842817", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3017-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842817\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:26:28 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n\t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3017-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered that\n the Linux netfilter implementation did not correctly perform validation when\n handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms.\n A local unprivileged attacker could use this to cause a denial of service (system\n crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3017-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3017-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-1033-raspi2\", ver:\"4.2.0-1033.43\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-snapdragon USN-3016-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842815", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842815", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-snapdragon USN-3016-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842815\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:26:12 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n\t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-snapdragon USN-3016-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-snapdragon'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered that\n the Linux netfilter implementation did not correctly perform validation when\n handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A\n local unprivileged attacker could use this to cause a denial of service (system\n crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-snapdragon on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3016-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3016-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1019-snapdragon\", ver:\"4.4.0-1019.22\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-3017-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842810", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842810", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-wily USN-3017-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842810\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:28 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n\t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-wily USN-3017-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-wily'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3017-1 fixed vulnerabilities in the Linux\n kernel for Ubuntu 15.10. This update provides the corresponding updates for the\n Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS.\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling 32 bit\ncompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local\nunprivileged attacker could use this to cause a denial of service (system\ncrash) or execute arbitrary code with administrative privileges.\n(CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-lts-wily on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3017-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3017-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-generic\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-generic-lpae\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-lowlatency\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc-e500mc\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc-smp\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc64-emb\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-41-powerpc64-smp\", ver:\"4.2.0-41.48~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-3019-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-3019-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842807\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:02 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n\t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-3019-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered that\n the Linux netfilter implementation did not correctly perform validation when\n handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A\n local unprivileged attacker could use this to cause a denial of service (system\n crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3019-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3019-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-generic\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-generic-lpae\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-lowlatency\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-powerpc-e500mc\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-powerpc-smp\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-powerpc64-emb\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-76-powerpc64-smp\", ver:\"3.16.0-76.98~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3016-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842812", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842812", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3016-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842812\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:45 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n\t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3016-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered\n that the Linux netfilter implementation did not correctly perform validation\n when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit\n platforms. A local unprivileged attacker could use this to cause a denial of\n service (system crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3016-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3016-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-generic\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-generic-lpae\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-lowlatency\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc-e500mc\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc-smp\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc64-emb\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-28-powerpc64-smp\", ver:\"4.4.0-28.47\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-3018-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-3018-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842805\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:24:41 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n\t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-3018-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3018-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for\n Ubuntu 12.04 LTS.\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling 32 bit\ncompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local\nunprivileged attacker could use this to cause a denial of service (system\ncrash) or execute arbitrary code with administrative privileges.\n(CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3018-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3018-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-generic\", ver:\"3.13.0-91.138~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-generic-lpae\", ver:\"3.13.0-91.138~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-3020-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4951", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842808", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-3020-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842808\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:11 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4569\", \"CVE-2016-4578\",\n \t\t\"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-3020-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered that\n the Linux netfilter implementation did not correctly perform validation when\n handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A\n local unprivileged attacker could use this to cause a denial of service (system\n crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nBaozeng Ding discovered that the Transparent Inter-process Communication\n(TIPC) implementation in the Linux kernel did not verify socket existence\nbefore use in some situations. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4951)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3020-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3020-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-generic\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-generic-lpae\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-lowlatency\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-powerpc-e500mc\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-powerpc-smp\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-powerpc64-emb\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-64-powerpc64-smp\", ver:\"3.19.0-64.72~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3018-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4569", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-4998"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3018-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842813\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:25:54 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n\t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4913\", \"CVE-2016-4998\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3018-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jesse Hertz and Tim Newsham discovered that\n the Linux netfilter implementation did not correctly perform validation when\n handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A\n local unprivileged attacker could use this to cause a denial of service (system\n crash) or execute arbitrary code with administrative privileges.\n (CVE-2016-4997)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\n\nJesse Hertz and Tim Newsham discovered that the Linux netfilter\nimplementation did not correctly perform validation when handling\nIPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\ncause a denial of service (system crash) or obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4998)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3018-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3018-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-generic\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-generic-lpae\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-lowlatency\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-powerpc-e500\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-powerpc-e500mc\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-powerpc-smp\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-powerpc64-emb\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-91-powerpc64-smp\", ver:\"3.13.0-91.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:39:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1520)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7825", "CVE-2018-20784", "CVE-2015-2922", "CVE-2015-7550", "CVE-2014-3647", "CVE-2018-10881", "CVE-2017-18261", "CVE-2018-13099", "CVE-2017-7294", "CVE-2016-8630", "CVE-2018-1120", "CVE-2014-2309", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-8646", "CVE-2013-7269", "CVE-2018-14612", "CVE-2014-7826", "CVE-2017-18221", "CVE-2015-4036"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191520", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1520\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7269\", \"CVE-2014-2309\", \"CVE-2014-3647\", \"CVE-2014-7826\", \"CVE-2015-2922\", \"CVE-2015-4036\", \"CVE-2015-7550\", \"CVE-2016-3136\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8630\", \"CVE-2016-8646\", \"CVE-2017-18221\", \"CVE-2017-18261\", \"CVE-2017-7294\", \"CVE-2018-10881\", \"CVE-2018-1120\", \"CVE-2018-13099\", \"CVE-2018-14612\", \"CVE-2018-20784\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:02:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1520)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1520\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1520\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1520 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.(CVE-2015-4036)\n\nThe llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.(CVE-2016-4485)\n\nThe nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269)\n\nThe mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.(CVE-2016-3136)\n\nAn out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.(CVE-2014-7826)\n\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\nThe arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a sc ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:57:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2184-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2015-8551", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-4486", "CVE-2014-9904", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-5829", "CVE-2016-4997", "CVE-2016-4482", "CVE-2015-7833", "CVE-2016-4578", "CVE-2016-4805", "CVE-2015-8552", "CVE-2016-4470", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-4998"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851388", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851388\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:44:46 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2014-9904\", \"CVE-2015-7833\", \"CVE-2015-8551\", \"CVE-2015-8552\",\n \"CVE-2015-8845\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\",\n \"CVE-2016-3672\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4486\",\n \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\",\n \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5244\", \"CVE-2016-5828\",\n \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2184-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.1 kernel was updated to 3.12.62 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to hit BUG conditions and cause a denial of\n service (NULL pointer dereference and host OS crash) by leveraging a\n system with access to a passed-through MSI or MSI-X capable physical PCI\n device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux\n pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to generate a continuous stream of WARN\n messages and cause a denial of service (disk consumption) by leveraging\n a system with access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback\n missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application (bnc#975531\n bsc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling. (bsc#983143)\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attac ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2184-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", rpm:\"iscsitarget~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch\", rpm:\"openvswitch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller\", rpm:\"openvswitch-controller~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller-debuginfo\", rpm:\"openvswitch-controller-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debuginfo\", rpm:\"openvswitch-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debugsource\", rpm:\"openvswitch-debugsource~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default\", rpm:\"openvswitch-kmp-default~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default-debuginfo\", rpm:\"openvswitch-kmp-default-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop\", rpm:\"openvswitch-kmp-desktop~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop-debuginfo\", rpm:\"openvswitch-kmp-desktop-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen\", rpm:\"openvswitch-kmp-xen~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen-debuginfo\", rpm:\"openvswitch-kmp-xen-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-pki\", rpm:\"openvswitch-pki~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch\", rpm:\"openvswitch-switch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch-debuginfo\", rpm:\"openvswitch-switch-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-test\", rpm:\"openvswitch-test~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch\", rpm:\"python-openvswitch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch-test\", rpm:\"python-openvswitch-test~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20130607~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-\", rpm:\"vhba-kmp-desktop~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo-\", rpm:\"vhba-kmp-desktop-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.12.62~52.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae\", rpm:\"openvswitch-kmp-pae~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae-debuginfo\", rpm:\"openvswitch-kmp-pae-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:56:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2543", "CVE-2015-3288", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2014-9904", "CVE-2016-2187", "CVE-2015-6526", "CVE-2016-2547", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-4569", "CVE-2016-2184", "CVE-2015-8830", "CVE-2012-6701", "CVE-2016-3951", "CVE-2016-3137", "CVE-2016-5829", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-2545", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4470", "CVE-2015-8709", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2015-8785", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851386", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851386\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-25 05:40:38 +0200 (Thu, 25 Aug 2016)\");\n script_cve_id(\"CVE-2012-6701\", \"CVE-2013-7446\", \"CVE-2014-9904\", \"CVE-2015-3288\",\n \"CVE-2015-6526\", \"CVE-2015-7566\", \"CVE-2015-8709\", \"CVE-2015-8785\",\n \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0758\",\n \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-2384\",\n \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\",\n \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\",\n \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\",\n \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\",\n \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4470\",\n \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\",\n \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-5244\",\n \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2144-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.2 kernel was updated to fix various bugs and security\n issues.\n\n The following security bugs were fixed:\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c\n in the Linux kernel mishandles NM (aka alternate name) entries\n containing \\0 characters, which allowed local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401\n bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548\n bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2144-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch\", rpm:\"bbswitch~0.8~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-debugsource\", rpm:\"bbswitch-debugsource~0.8~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default\", rpm:\"bbswitch-kmp-default~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default-debuginfo\", rpm:\"bbswitch-kmp-default-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop\", rpm:\"bbswitch-kmp-desktop~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop-debuginfo\", rpm:\"bbswitch-kmp-desktop-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen\", rpm:\"bbswitch-kmp-xen~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen-debuginfo\", rpm:\"bbswitch-kmp-xen-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20140629~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-\", rpm:\"vhba-kmp-desktop~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo-\", rpm:\"vhba-kmp-desktop-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae\", rpm:\"bbswitch-kmp-pae~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae-debuginfo\", rpm:\"bbswitch-kmp-pae-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for kernel (SUSE-SU-2016:1690-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-3156", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-2184", "CVE-2016-3951", "CVE-2016-3137", "CVE-2014-9717", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851358", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851358\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:27:13 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2014-9717\", \"CVE-2015-8816\", \"CVE-2015-8845\", \"CVE-2016-0758\",\n \"CVE-2016-2053\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2188\", \"CVE-2016-2782\", \"CVE-2016-2847\",\n \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\",\n \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3672\",\n \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4486\",\n \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\",\n \"CVE-2016-5244\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel (SUSE-SU-2016:1690-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH\n umount2 system called without verifying that the MNT_LOCKED flag is\n unset, which allowed local users to bypass intended access restrictions\n and navigate to filesystem locations beneath a mount by calling umount2\n within a user namespace (bnc#928547).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bnc#968010).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application\n (bnc#975533).\n\n - CVE-2016-0758: Fix ASN.1 indefinite length object parsing (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390\n platforms mishandled the case of four page-table levels, which allowed\n local users to cause a denial of service (system crash) or possibly have\n unspecified other impact via a crafted application, related to\n arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.\n (bnc#970504)\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference or double free, and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#9711 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1690-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:39:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2065", "CVE-2013-7265", "CVE-2016-6213", "CVE-2016-6480", "CVE-2017-17862", "CVE-2016-9555", "CVE-2016-4486", "CVE-2016-9685", "CVE-2014-4027", "CVE-2017-13715", "CVE-2017-15102", "CVE-2017-7308", "CVE-2017-8925", "CVE-2016-5344", "CVE-2016-2549", "CVE-2015-5283", "CVE-2017-1000363", "CVE-2016-3672", "CVE-2014-0069", "CVE-2018-10074"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191516", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1516\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7265\", \"CVE-2014-0069\", \"CVE-2014-4027\", \"CVE-2015-5283\", \"CVE-2016-2065\", \"CVE-2016-2549\", \"CVE-2016-3672\", \"CVE-2016-4486\", \"CVE-2016-5344\", \"CVE-2016-6213\", \"CVE-2016-6480\", \"CVE-2016-9555\", \"CVE-2016-9685\", \"CVE-2017-1000363\", \"CVE-2017-13715\", \"CVE-2017-15102\", \"CVE-2017-17862\", \"CVE-2017-7308\", \"CVE-2017-8925\", \"CVE-2018-10074\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:01:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1516)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1516\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1516\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1516 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.(CVE-2018-10074)\n\nAn information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client.(CVE-2014-4027)\n\nIt was found that in the Linux kernel version 4.2-rc1 to 4.3-rc1, a use of uninitialized 'n_proto', 'ip_proto', and 'thoff' variables in __skb_flow_dissect() function can lead to a remote denial-of-service via malformed MPLS packet.(CVE-2017-13715)\n\nIt was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2017-7308)\n\nA weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited.(CVE-2016-3672)\n\nsound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.(CVE-2016-2065)\n\nA race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.(CVE-2016-6480)\n\nThe omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.(CVE-2017-8925)\n\nThe tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.(CVE-2017-15102)\n\nThe rtnl_fill_ ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:36:44", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-5870", "CVE-2016-10723", "CVE-2016-10088", "CVE-2014-3688", "CVE-2017-1000252", "CVE-2013-7267", "CVE-2015-1421", "CVE-2016-0758", "CVE-2014-2851", "CVE-2017-18241", "CVE-2016-9576", "CVE-2017-9211", "CVE-2018-14619", "CVE-2015-1333", "CVE-2016-6786", "CVE-2017-16534", "CVE-2017-17807", "CVE-2017-14954", "CVE-2014-0077", "CVE-2018-11508"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191534", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1534\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7267\", \"CVE-2014-0077\", \"CVE-2014-2851\", \"CVE-2014-3688\", \"CVE-2015-1333\", \"CVE-2015-1421\", \"CVE-2016-0758\", \"CVE-2016-10088\", \"CVE-2016-10723\", \"CVE-2016-4581\", \"CVE-2016-5870\", \"CVE-2016-6786\", \"CVE-2017-1000252\", \"CVE-2017-14954\", \"CVE-2017-16534\", \"CVE-2017-17807\", \"CVE-2017-18241\", \"CVE-2017-9211\", \"CVE-2018-11508\", \"CVE-2018-14619\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:07:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1534)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1534\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1534\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1534 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7267)\n\nfs/f2fs/segment.c in the Linux kernel allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.(CVE-2017-18241)\n\nfs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\ndrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.(CVE-2014-0077)\n\nIt was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-10088)\n\n** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that 'the underlying problem is non-trivial to handle.'(CVE-2016-10723)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.(CVE-2016-0758)\n\nA flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker c ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:29", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1492)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3070", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-2547", "CVE-2016-3156", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-2550", "CVE-2016-2545", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2546", "CVE-2016-2549", "CVE-2016-3841", "CVE-2016-4470", "CVE-2016-3135", "CVE-2016-4565", "CVE-2016-3672", "CVE-2016-3134"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191492", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191492", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1492\");\n script_version(\"2020-01-23T11:55:47+0000\");\n script_cve_id(\"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2550\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3134\", \"CVE-2016-3135\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3841\", \"CVE-2016-3955\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4565\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:55:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:55:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1492)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1492\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1492\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1492 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.(CVE-2016-2545)\n\nsound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.(CVE-2016-2546)\n\nsound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.(CVE-2016-2547)\n\nsound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.(CVE-2016-2548)\n\nsound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.(CVE-2016-2549)\n\nA resource-exhaustion vulnerability was found in the kernel, where an unprivileged process could allocate and accumulate far more file descriptors than the process' limit. A local, unauthenticated user could exploit this flaw by sending file descriptors over a Unix socket and then closing them to keep the process' fd count low, thereby creating kernel-memory or file-descriptors exhaustion (denial of service).(CVE-2016-2550)\n\nIt is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit.(CVE-2016-2847)\n\nA security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.(CVE-2016-3070)\n\nA security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. This field is not bounds checked prior to writing to a counter value at the supplied offset.(CVE-2016-3134)\n\nAn integer overflow vulnerability was found in the Linux kernel in xt_alloc_tabl ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T15:45:07", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6787", "CVE-2016-7097", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-5696", "CVE-2016-6136", "CVE-2016-4569", "CVE-2016-6828", "CVE-2016-5829", "CVE-2016-6198", "CVE-2016-4997", "CVE-2016-6197", "CVE-2016-7039", "CVE-2016-5195", "CVE-2016-6786", "CVE-2016-4578", "CVE-2016-6327", "CVE-2016-4805", "CVE-2016-4580", "CVE-2016-4998", "CVE-2016-7042"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562311220191494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191494", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1494\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_cve_id(\"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5195\", \"CVE-2016-5696\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6197\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-6828\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7097\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1494)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1494\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1494\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1494 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in Linux kernel. There is an information leak in file 'sound/core/timer.c' of the latest mainline Linux kernel, the stack object thread has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak.(CVE-2016-4569)\n\nA vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object r1 has a total size of 32 bytes. Its field event and val both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized.(CVE-2016-4578)\n\nThe x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)\n\nfs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\nUse after free vulnerability was found in percpu using previously allocated memory in bpf. First __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.(CVE-2016-4794)\n\nUse-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.(CVE-2016-4805)\n\nA vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb __copy_to_user() from a buffer allocated by __get_free_page().(CVE-2016-4913)\n\nA flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This fl ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2016:2574-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-3070", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-3156", "CVE-2015-8746", "CVE-2016-6136", "CVE-2015-8812", "CVE-2016-4569", "CVE-2015-8543", "CVE-2015-8374", "CVE-2016-3699", "CVE-2016-5829", "CVE-2016-6198", "CVE-2015-8956", "CVE-2013-4312", "CVE-2016-4578", "CVE-2016-5412", "CVE-2016-6327", "CVE-2016-3841", "CVE-2015-8844", "CVE-2016-2117", "CVE-2015-8845"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:2574-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871708\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:52 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\",\n \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\",\n \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\",\n \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\",\n \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\",\n \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\",\n \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:2574-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\n the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of service\n(use-after-free and system crash) via a crafted sendmsg system call.\n(CVE-2016-3841, Important)\n\n * Several Moderate and Low impact security issues were found in the Linux\nkernel. Space precludes documenting each of these issues in this advisory.\nRefer to the CVE links in the References section for a description of each\nof these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543,\nCVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327,\nCVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053 Tetsuo Handa for reporting CVE-2016-2847 the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117 and Linn Crosetto\n(HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by\nVenkatesh Pottem (Red Hat Engineering) the CVE-2015-8844 and CVE-2015-8845\nissues were discovered by Miroslav Vadkerti (Red Hat Engineering) the\nCVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat) the\nCVE-2016-6198 issue was discovered by CAI Qian (Red Hat) and the\nCVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2574-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:38:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2015-3332", "CVE-2017-13216", "CVE-2015-4003", "CVE-2019-0136", "CVE-2019-17666", "CVE-2014-4157", "CVE-2018-7755", "CVE-2015-4002", "CVE-2018-20510", "CVE-2014-4508", "CVE-2015-9289", "CVE-2016-4486", "CVE-2017-8831", "CVE-2019-19062", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-3857", "CVE-2015-4004", "CVE-2019-18806", "CVE-2019-9506", "CVE-2018-14625", "CVE-2017-15537", "CVE-2019-17075", "CVE-2015-4001", "CVE-2014-7843", "CVE-2019-16746", "CVE-2014-9870", "CVE-2019-18808", "CVE-2017-7482", "CVE-2017-16647", "CVE-2018-9363", "CVE-2014-9888", "CVE-2019-19066", "CVE-2015-7833", "CVE-2015-8955", "CVE-2018-7995", "CVE-2019-16231", "CVE-2019-16232", "CVE-2016-6130", "CVE-2019-3846", "CVE-2014-8133", "CVE-2015-8967", "CVE-2019-19060", "CVE-2012-2372", "CVE-2019-10126", "CVE-2014-9892", "CVE-2017-5897", "CVE-2019-16234", "CVE-2019-17133", "CVE-2019-19061"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192531", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2531\");\n script_version(\"2020-01-23T13:03:47+0000\");\n script_cve_id(\"CVE-2012-2372\", \"CVE-2014-4157\", \"CVE-2014-4508\", \"CVE-2014-7843\", \"CVE-2014-8133\", \"CVE-2014-9870\", \"CVE-2014-9888\", \"CVE-2014-9892\", \"CVE-2015-3332\", \"CVE-2015-4001\", \"CVE-2015-4002\", \"CVE-2015-4003\", \"CVE-2015-4004\", \"CVE-2015-7833\", \"CVE-2015-8955\", \"CVE-2015-8967\", \"CVE-2015-9289\", \"CVE-2016-2186\", \"CVE-2016-3857\", \"CVE-2016-4486\", \"CVE-2016-6130\", \"CVE-2017-13216\", \"CVE-2017-15537\", \"CVE-2017-16647\", \"CVE-2017-18551\", \"CVE-2017-5897\", \"CVE-2017-7482\", \"CVE-2017-8831\", \"CVE-2018-14625\", \"CVE-2018-20510\", \"CVE-2018-7755\", \"CVE-2018-7995\", \"CVE-2018-9363\", \"CVE-2019-0136\", \"CVE-2019-10126\", \"CVE-2019-16231\", \"CVE-2019-16232\", \"CVE-2019-16234\", \"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18806\", \"CVE-2019-18808\", \"CVE-2019-19054\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:03:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:03:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2531)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2531\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2531\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2531 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)\n\nThe snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.(CVE-2014-9892)\n\nA memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054)\n\nA memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060)\n\nA memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.(CVE-2019-19061)\n\nA memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\nA memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808)\n\nIn ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:26:00", "description": "The 4.5.4 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-ef973efab7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-EF973EFAB7.NASL", "href": "https://www.tenable.com/plugins/nessus/92195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ef973efab7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92195);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\");\n script_xref(name:\"FEDORA\", value:\"2016-ef973efab7\");\n\n script_name(english:\"Fedora 24 : kernel (2016-ef973efab7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ef973efab7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-ef973efab7\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.5.4-300.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:22", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] (CVE-2015-1420)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807]\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2016-4482", "CVE-2016-4485"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2017-0041.NASL", "href": "https://www.tenable.com/plugins/nessus/97120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0041.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97120);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-1420\", \"CVE-2016-4482\", \"CVE-2016-4485\");\n script_bugtraq_id(72357);\n\n script_name(english:\"OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0041)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - vfs: read file_handle only once in handle_to_path (Sasha\n Levin) [Orabug: 25388709] (CVE-2015-1420)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417807]\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462763] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811]\n (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue\n (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000649.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b560f546\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-2.6.39-400.294.2.el5uek\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-firmware-2.6.39-400.294.2.el5uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:22", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3515 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (CVE-2013-7446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3515.NASL", "href": "https://www.tenable.com/plugins/nessus/97117", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3515.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97117);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8646\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3515)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3515 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to\n bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls. (CVE-2013-7446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3515.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7446\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.16.3.el6uek', '3.8.13-118.16.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3515');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.16.3.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.16.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.16.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.16.3.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.16.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.16.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.16.3.el6uek / dtrace-modules-3.8.13-118.16.3.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:14", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0040.NASL", "href": "https://www.tenable.com/plugins/nessus/97119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0040.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97119);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8646\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0040)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417805]\n (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462760] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807]\n (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue\n (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000648.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?995a591b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.16.3.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.16.3.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:10", "description": "The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version :\n\nCVE-2016-4557 : Use after free vulnerability via double fdput\n\nCVE-2016-4581 : Slave being first propagated copy causes oops in propagate_mnt\n\nCVE-2016-4486 : Information leak in rtnetlink\n\nCVE-2016-4485 : Information leak in llc module\n\nCVE-2016-4558 : bpf: refcnt overflow\n\nCVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko\n\nCVE-2016-0758 : tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()\n\nCVE-2015-8839 : ext4 filesystem page fault race condition with fallocate call.", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2016-703)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-0758", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-703.NASL", "href": "https://www.tenable.com/plugins/nessus/91241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-703.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91241);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-0758\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"ALAS\", value:\"2016-703\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2016-703)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel did not properly suppress hugetlbfs support in x86 PV\nguests, which could allow local PV guest users to cause a denial of\nservice (guest OS crash) by attempting to access a hugetlbfs mapped\narea. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder\nprocessed certain certificate files with tags of indefinite length. A\nlocal, unprivileged user could use a specially crafted X.509\ncertificate DER file to crash the system or, potentially, escalate\ntheir privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the\nLinux kernel before 4.5 allow local users to cause a denial of service\n(disk corruption) by writing to a page that is associated with a\ndifferent user's file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version :\n\nCVE-2016-4557 : Use after free vulnerability via double fdput\n\nCVE-2016-4581 : Slave being first propagated copy causes oops in\npropagate_mnt\n\nCVE-2016-4486 : Information leak in rtnetlink\n\nCVE-2016-4485 : Information leak in llc module\n\nCVE-2016-4558 : bpf: refcnt overflow\n\nCVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel\nmemory using rdma_ucm.ko\n\nCVE-2016-0758 : tags with indefinite length can corrupt pointers in\nasn1_find_indefinite_length()\n\nCVE-2015-8839 : ext4 filesystem page fault race condition with\nfallocate call.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-703.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.10-22.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:13", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3516 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (CVE-2013-7446)\n\n - Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.\n (CVE-2015-1420)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3516.NASL", "href": "https://www.tenable.com/plugins/nessus/97118", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3516.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97118);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2015-1420\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3516)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3516 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to\n bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls. (CVE-2013-7446)\n\n - Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows\n local users to bypass intended size restrictions and trigger read operations on additional memory\n locations by changing the handle_bytes value of a file handle during the execution of this function.\n (CVE-2015-1420)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3516.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7446\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.294.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3516');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.294.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.294.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:17", "description": "The 4.5.3 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel-4.5.3-300.fc24 (2016-4ce97823af)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-4CE97823AF.NASL", "href": "https://www.tenable.com/plugins/nessus/90955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-4ce97823af.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90955);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4482\");\n script_xref(name:\"FEDORA\", value:\"2016-4ce97823af\");\n\n script_name(english:\"Fedora 24 : kernel-4.5.3-300.fc24 (2016-4ce97823af)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.3 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1332931\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d6bbd88\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.5.3-300.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:41", "description": "The 4.4.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel (2016-7d900003e6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-7D900003E6.NASL", "href": "https://www.tenable.com/plugins/nessus/92119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-7d900003e6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92119);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4482\");\n script_xref(name:\"FEDORA\", value:\"2016-7d900003e6\");\n\n script_name(english:\"Fedora 23 : kernel (2016-7d900003e6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.4.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4482\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-7d900003e6\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.4.9-300.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:54", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3007-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3007-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91569);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3007-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3007-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3007-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1012-raspi2\", pkgver:\"4.4.0-1012.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:55", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux vulnerabilities (USN-3006-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3006-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3006-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91568);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3006-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3006-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3006-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-generic,\nlinux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3006-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-generic\", pkgver:\"4.4.0-24.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-generic-lpae\", pkgver:\"4.4.0-24.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-lowlatency\", pkgver:\"4.4.0-24.43\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:56", "description": "The 4.5.5 stable update contains a number of important fixes across the tree.\n\n----\n\nThe 4.5.4 stable update contains a number of important fixes across the tree.\n\n----\n\nThe 4.5.3 stable rebase contains enhanced hardware support, additional features, and a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel (2016-06f1572324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0758", "CVE-2016-3713", "CVE-2016-4440", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581", "CVE-2016-4913"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-06F1572324.NASL", "href": "https://www.tenable.com/plugins/nessus/92055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-06f1572324.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92055);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4440\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\", \"CVE-2016-4913\");\n script_xref(name:\"FEDORA\", value:\"2016-06f1572324\");\n\n script_name(english:\"Fedora 23 : kernel (2016-06f1572324)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.5 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.3 stable rebase contains enhanced hardware support, additional\nfeatures, and a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-06f1572324\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4440\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\", \"CVE-2016-4913\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-06f1572324\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.5.5-201.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:56:54", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2989-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2989-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91425);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2989-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2989-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2989-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic-lpae\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-lowlatency\", pkgver:\"3.13.0-87.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:38", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3005-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3005-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3005-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91567);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3005-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3005-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3005-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-generic,\nlinux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3005-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-generic\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-generic-lpae\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-lowlatency\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:53", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2998-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91560);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2998-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2998-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2998-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic-lpae\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:54", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-3004-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3004-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91566);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3004-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3004-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.2-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3004-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-1031-raspi2\", pkgver:\"4.2.0-1031.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:53", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-3003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3003-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91565);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3003-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3003-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3003-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:14", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083) (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel)", "cvss3": {}, "published": "2017-02-09T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/97079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97079);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8630\", \"CVE-2016-8646\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad\n Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083)\n (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to\n blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931]\n (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference\n (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387]\n (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417799]\n (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799]\n (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err\n (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value\n tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu)\n [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus\n (David Vrabel)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23a1489f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.27.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.27.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:58:48", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3002-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3002-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91564);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3002-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3002-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3002-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:53", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3001-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3001-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91563);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3001-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3001-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3001-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-generic\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-generic-lpae\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-lowlatency\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:00", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3514.NASL", "href": "https://www.tenable.com/plugins/nessus/97057", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3514.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97057);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8630\",\n \"CVE-2016-8646\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9576\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is\n enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer\n overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine\n confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which\n allows local users to cause a denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3514.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9576\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.27.el6uek', '4.1.12-61.1.27.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3514');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.27.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.27.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.27.el6uek / dtrace-modules-4.1.12-61.1.27.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:48", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.\n (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel did not verify socket existence, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in function rds_inc_info_copy of file net/rds/recv.c was fixed that might have leaked kernel stack data.\n (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.\n (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-4482: A kernel information leak in the usbfs devio connectinfo was fixed, which could expose kernel stack memory to userspace. (bnc#978401).\n\n - CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821).\n\n - CVE-2016-4486: A kernel information leak in rtnetlink was fixed, where 4 uninitialized bytes could leak to userspace (bsc#978822).\n\n - CVE-2016-4557: A use-after-free via double-fdput in replace_map_fd_with_map_ptr() was fixed, which could allow privilege escalation (bsc#979018).\n\n - CVE-2016-4565: When the 'rdma_ucm' infiniband module is loaded, local attackers could escalate their privileges (bsc#979548).\n\n - CVE-2016-4569: A kernel information leak in the ALSA timer via events via snd_timer_user_tinterrupt that could leak information to userspace was fixed (bsc#979213).\n\n - CVE-2016-4578: A kernel information leak in the ALSA timer via events that could leak information to userspace was fixed (bsc#979879).\n\n - CVE-2016-4581: If the first propogated mount copy was being a slave it could oops the kernel (bsc#979913)\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add dock support for ThinkPad X260 (boo#979278).\n\n - ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278).\n\n - ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278).\n\n - ALSA: hda - Fix broken reconfig (boo#979278).\n\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines (boo#979278).\n\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278).\n\n - ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m (boo#979278).\n\n - ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294 (boo#979278).\n\n - ALSA: hda/realtek - New codec support of ALC225 (boo#979278).\n\n - ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278).\n\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2) (boo#979278).\n\n - bluetooth: fix power_on vs close race (bsc#966849).\n\n - bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: fix crash/invalid memory access on fsync when using overlayfs (bsc#977198)\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs: add file_dentry() (bsc#977198).\n\n - IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657).\n\n - input: i8042 - lower log level for 'no controller' message (bsc#945345).\n\n - kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*, efivar_validate, file_open_root and dax_fault\n\n - kabi: Add some fixups (module, pci_dev, drm, fuse and thermal)\n\n - kabi: file_dentry changes (bsc#977198).\n\n - kABI fixes for 4.1.22\n\n - mm/page_alloc.c: calculate 'available' memory in a separate function (bsc#982239).\n\n - net: disable fragment reassembly if high_thresh is zero (bsc#970506).\n\n - of: iommu: Silence misleading warning.\n\n - pstore_register() error handling was wrong -- it tried to release lock before it's acquired, causing spinlock / preemption imbalance. - usb: quirk to stop runtime PM for Intel 7260 (bnc#984460).\n\n - Revert 'usb: hub: do not clear BOS field during reset device' (boo#979728).\n\n - usb: core: hub: hub_port_init lock controller instead of bus (bnc#978073).\n\n - usb: preserve kABI in address0 locking (bnc#978073).\n\n - usb: usbip: fix potential out-of-bounds write (bnc#975945).\n\n - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982712).\n\n - virtio_balloon: do not change memory amount visible via /proc/meminfo (bsc#982238).\n\n - virtio_balloon: export 'available' memory to balloon statistics (bsc#982239).", "cvss3": {}, "published": "2016-06-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-3134", "CVE-2016-3672", "CVE-2016-3955", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4951", "CVE-2016-5244"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-753.NASL", "href": "https://www.tenable.com/plugins/nessus/91736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-753.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91736);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4951\", \"CVE-2016-5244\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)\");\n script_summary(english:\"Check for the openSUSE-2016-753 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allows local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface.\n (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in\n net/tipc/socket.c in the Linux kernel did not verify\n socket existence, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n dumpit operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in\n function rds_inc_info_copy of file net/rds/recv.c was\n fixed that might have leaked kernel stack data.\n (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request.\n (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4482: A kernel information leak in the usbfs\n devio connectinfo was fixed, which could expose kernel\n stack memory to userspace. (bnc#978401).\n\n - CVE-2016-4485: A kernel information leak in llc was\n fixed (bsc#978821).\n\n - CVE-2016-4486: A kernel information leak in rtnetlink\n was fixed, where 4 uninitialized bytes could leak to\n userspace (bsc#978822).\n\n - CVE-2016-4557: A use-after-free via double-fdput in\n replace_map_fd_with_map_ptr() was fixed, which could\n allow privilege escalation (bsc#979018).\n\n - CVE-2016-4565: When the 'rdma_ucm' infiniband module is\n loaded, local attackers could escalate their privileges\n (bsc#979548).\n\n - CVE-2016-4569: A kernel information leak in the ALSA\n timer via events via snd_timer_user_tinterrupt that\n could leak information to userspace was fixed\n (bsc#979213).\n\n - CVE-2016-4578: A kernel information leak in the ALSA\n timer via events that could leak information to\n userspace was fixed (bsc#979879).\n\n - CVE-2016-4581: If the first propogated mount copy was\n being a slave it could oops the kernel (bsc#979913)\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add dock support for ThinkPad X260\n (boo#979278).\n\n - ALSA: hda - Apply fix for white noise on Asus N550JV,\n too (boo#979278).\n\n - ALSA: hda - Asus N750JV external subwoofer fixup\n (boo#979278).\n\n - ALSA: hda - Fix broken reconfig (boo#979278).\n\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293\n machines (boo#979278).\n\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus N750JV headphone\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus UX501VW headset\n (boo#979278).\n\n - ALSA: hda/realtek - Add ALC3234 headset mode for\n Optiplex 9020m (boo#979278).\n\n - ALSA: hda/realtek - New codecs support for\n ALC234/ALC274/ALC294 (boo#979278).\n\n - ALSA: hda/realtek - New codec support of ALC225\n (boo#979278).\n\n - ALSA: hda/realtek - Support headset mode for ALC225\n (boo#979278).\n\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio\n devices (v2) (boo#979278).\n\n - bluetooth: fix power_on vs close race (bsc#966849).\n\n - bluetooth: vhci: fix open_timeout vs. hdev race\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: Fix race at creating hci device\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: purge unhandled skbs\n (bsc#971799,bsc#966849).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: fix crash/invalid memory access on fsync when\n using overlayfs (bsc#977198)\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs: add file_dentry() (bsc#977198).\n\n - IB/IPoIB: Do not set skb truesize since using one\n linearskb (bsc#980657).\n\n - input: i8042 - lower log level for 'no controller'\n message (bsc#945345).\n\n - kabi: Add kabi/severities entries to ignore sound/hda/*,\n x509_*, efivar_validate, file_open_root and dax_fault\n\n - kabi: Add some fixups (module, pci_dev, drm, fuse and\n thermal)\n\n - kabi: file_dentry changes (bsc#977198).\n\n - kABI fixes for 4.1.22\n\n - mm/page_alloc.c: calculate 'available' memory in a\n separate function (bsc#982239).\n\n - net: disable fragment reassembly if high_thresh is zero\n (bsc#970506).\n\n - of: iommu: Silence misleading warning.\n\n - pstore_register() error handling was wrong -- it tried\n to release lock before it's acquired, causing spinlock /\n preemption imbalance. - usb: quirk to stop runtime PM\n for Intel 7260 (bnc#984460).\n\n - Revert 'usb: hub: do not clear BOS field during reset\n device' (boo#979728).\n\n - usb: core: hub: hub_port_init lock controller instead of\n bus (bnc#978073).\n\n - usb: preserve kABI in address0 locking (bnc#978073).\n\n - usb: usbip: fix potential out-of-bounds write\n (bnc#975945).\n\n - USB: xhci: Add broken streams quirk for Frescologic\n device id 1009 (bnc#982712).\n\n - virtio_balloon: do not change memory amount visible via\n /proc/meminfo (bsc#982238).\n\n - virtio_balloon: export 'available' memory to balloon\n statistics (bsc#982239).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984460\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.26-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.26-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.26-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:00:19", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash).\n(CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3000-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3000-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91562);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3000-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the MCT USB RS232 Converter device driver in the Linux kernel did\nnot properly validate USB device descriptors. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the Cypress M8 USB device driver in the Linux kernel did not\nproperly validate USB device descriptors. An attacker with physical\naccess could use this to cause a denial of service (system crash).\n(CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the Linux kernel's USB driver for Digi AccelePort serial\nconverters did not properly validate USB device descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger\nControl Unit devices did not properly validate the device's\ninterfaces. An attacker with physical access could use this to cause a\ndenial of service (system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3000-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3000-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-generic\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-generic-lpae\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-lowlatency\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:34", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel allowed remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet (bnc#975945).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365).\n\n - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).\n\n - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure was initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).\n\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \\0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. (bsc#989152)\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability.\n (bsc#991608)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7833", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2187", "CVE-2016-3134", "CVE-2016-3955", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5244", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6480"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2245-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2245-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93370);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7513\", \"CVE-2015-7833\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2187\", \"CVE-2016-3134\", \"CVE-2016-3955\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5244\", \"CVE-2016-5696\", \"CVE-2016-5829\", \"CVE-2016-6480\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2016-3955: The usbip_recv_xbuff function in\n drivers/usb/usbip/usbip_common.c in the Linux kernel\n allowed remote attackers to cause a denial of service\n (out-of-bounds write) or possibly have unspecified other\n impact via a crafted length value in a USB/IP packet\n (bnc#975945).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging\n in-container root access to provide a crafted offset\n value that leads to crossing a ruleset blob boundary\n (bnc#986365).\n\n - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel\n did not reset the PIT counter values during state\n restoration, which allowed guest OS users to cause a\n denial of service (divide-by-zero error and host OS\n crash) via a zero value, related to the\n kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions\n (bnc#960689).\n\n - CVE-2013-4312: The Linux kernel allowed local users to\n bypass file-descriptor limits and cause a denial of\n service (memory consumption) by sending each descriptor\n over a UNIX socket before closing it, related to\n net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement\n (bnc#986362).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure was initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\n - CVE-2016-5244: The rds_inc_info_copy function in\n net/rds/recv.c in the Linux kernel did not initialize a\n certain structure member, which allowed remote attackers\n to obtain sensitive information from kernel stack memory\n by reading an RDS message (bnc#983213).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bnc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in\n fs/isofs/rock.c in the Linux kernel mishandled NM (aka\n alternate name) entries contain