Vulners
Lucene search
MiracleLinux 3 : kernel-2.6.18-274.1.AXS3 (AXSA:2011-313:06)
| Reporter | Title | Published | Views | Family All 898 |
|---|---|---|---|---|
 | Medium: kernel | 2 Dec 201100:00 | – | amazon |
 | Amazon Linux AMI : kernel (ALAS-2011-26) | 4 Sep 201300:00 | – | nessus |
| CentOS 5 : kernel (CESA-2011:0004) | 7 Jan 201100:00 | – | nessus |
| CentOS 5 : kernel (CESA-2011:0429) | 15 Apr 201100:00 | – | nessus |
| CentOS 5 : kernel (CESA-2011:0833) | 29 Jun 201300:00 | – | nessus |
| CentOS 5 : kernel (CESA-2011:0927) | 19 Jul 201100:00 | – | nessus |
| CentOS 5 : kernel (CESA-2011:1065) | 23 Sep 201100:00 | – | nessus |
| Debian DSA-2126-1 : linux-2.6 - privilege escalation/denial of service/information leak | 29 Nov 201000:00 | – | nessus |
| Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leak | 31 Jan 201100:00 | – | nessus |
| Debian DSA-2240-1 : linux-2.6 - privilege escalation/denial of service/information leak | 10 Jun 201100:00 | – | nessus |
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2011-313:06.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(284235);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/12");
script_cve_id(
"CVE-2010-4649",
"CVE-2011-0695",
"CVE-2011-0711",
"CVE-2011-1044",
"CVE-2011-1182",
"CVE-2011-1573",
"CVE-2011-1576",
"CVE-2011-1593",
"CVE-2011-1745",
"CVE-2011-1746",
"CVE-2011-1776",
"CVE-2011-1780",
"CVE-2011-1936",
"CVE-2011-2022",
"CVE-2011-2213",
"CVE-2011-2492",
"CVE-2011-2525",
"CVE-2011-2689"
);
script_name(english:"MiracleLinux 3 : kernel-2.6.18-274.1.AXS3 (AXSA:2011-313:06)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2011-313:06 advisory.
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The
kernel handles the basic functions of the operating system: memory allocation, process allocation, device
input and output, etc.
Security issues fixed with this release:
CVE-2010-4649
Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux
kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have
unspecified other impact via a large value of a certain structure member.
CVE-2011-0695
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in
Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand
request while other request handlers are still running, which triggers an invalid pointer dereference.
CVE-2011-0711
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not
initialize a certain structure member, which allows local users to obtain potentially sensitive
information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
CVE-2011-1044
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37
does not initialize a certain response buffer, which allows local users to obtain potentially sensitive
information from kernel memory via vectors that cause this buffer to be only partially filled, a different
vulnerability than CVE-2010-4649.
CVE-2011-1576
Red Hat Enterprise Virtualization (RHEV) Hypervisor allows remote attackers to cause a denial of service
via unspecified vectors that cause the napi_reuse_skb function to be used on VLAN packets, which triggers
(1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
CVE-2011-1593
Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4
allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir
system call.
CVE-2011-1745
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux
kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash)
via a crafted AGPIOC_BIND agp_ioctl ioctl call.
CVE-2011-1746
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in
drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer
overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other
impact, via vectors related to calls that specify a large number of memory pages.
CVE-2011-1776
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size
of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically
proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive
information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability
than CVE-2011-1577.
CVE-2011-2022
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5
does not validate a certain start parameter, which allows local users to gain privileges or cause a denial
of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than
CVE-2011-1745.
CVE-2011-2213
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not
properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite
loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an
INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
CVE-2011-2492
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data
structures, which allows local users to obtain potentially sensitive information from kernel memory via a
crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in
net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
CVE-2011-2689
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the
size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of
service (BUG and system crash) by arranging for all resource groups to have too little free space.
CVE-2011-1780
CVE-2011-2525
CVE-2011-1936
CVE-2011-1182
CVE-2011-1573
No descriptions available at the time of writing, please refer to the CVE links below.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/2023");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-2525");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '3',
'pkgs': [
{'reference':'kernel-2.6.18-274.1.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-2.6.18-274.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-devel-2.6.18-274.1.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-devel-2.6.18-274.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-headers-2.6.18-274.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-PAE-2.6.18-274.1.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-PAE-devel-2.6.18-274.1.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-xen-2.6.18-274.1.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-xen-2.6.18-274.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-xen-devel-2.6.18-274.1.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-xen-devel-2.6.18-274.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Feb 2026 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 27.2
CVSS 3.17.8
EPSS0.00911