MiracleLinux 3 : kernel-2.6.18-274.6.AXS3 (AXSA:2012-251:02)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 3 kernel package affected by several CVEs per AXSA 2012-251:02.

Reporter	Title	Published	Views	Family All 751
0day.today	Linux IGMP Remote Denial Of Service (Introduced in linux-2.6.36)	17 Jan 201200:00	–	zdt
Amazon	Medium: kernel	19 Nov 201100:00	–	amazon
Amazon	Medium: kernel	2 Dec 201100:00	–	amazon
Amazon	Medium: kernel	6 Jan 201200:00	–	amazon
Amazon	Medium: kernel	15 Feb 201200:00	–	amazon
Amazon	Medium: kernel	16 Mar 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2011-22)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2011-26)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2012-34)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2012-45)	4 Sep 201300:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/2743
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-251:02.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284288);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2011-1020",
    "CVE-2011-3637",
    "CVE-2011-3638",
    "CVE-2011-4077",
    "CVE-2011-4086",
    "CVE-2011-4127",
    "CVE-2011-4132",
    "CVE-2011-4324",
    "CVE-2011-4325",
    "CVE-2011-4330",
    "CVE-2011-4348",
    "CVE-2012-0028",
    "CVE-2012-0207"
  );

  script_name(english:"MiracleLinux 3 : kernel-2.6.18-274.6.AXS3 (AXSA:2012-251:02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2012-251:02 advisory.

    The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel
    handles the basic functions of the operating system: memory allocation, process allocation, device input
    and output, etc.
    Security issues fixes with this release:
    CVE-2011-1020
    The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the
    /proc directory tree of a process after this process performs an exec of a setuid program, which allows
    local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write
    system calls.
    CVE-2011-4077
    Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when
    CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and
    crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long
    pathname.
    CVE-2011-4132
    The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel
    2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4
    image with an invalid log first block value.
    CVE-2011-4325
    The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly
    initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference
    and O_DIRECT oops), as demonstrated using diotest4 from LTP.
    CVE-2011-4330
    Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows
    local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with
    a crafted len field.
    CVE-2011-3637
    CVE-2011-4324
    CVE-2011-4348
    CVE-2011-3638
    CVE-2011-4086
    CVE-2011-4127
    CVE-2012-0028
    CVE-2012-0207
    No description available at the time of writing, please refer to the CVE links below.
    Fixed bugs:
    - If an SCSI scan was initiated on a host in recovery mode, the scan failed without any error output; this
    has been fixed and the SCSI layer now waits for the host to recover before starting scan operations.
    - Because SG_IO ioctls were not previously implemented correctly, sending an SG_IO ioctl request to a
    virtio-blk disk caused the sending thread to enter an uninterruptible sleep state. SG_IO ioctls are now
    rejected by the virtio-blk driver: the ioctl system call will simply return an ENOTTY (Inappropriate ioctl
    for device) error and the thread will continue normally.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/2743");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-0028");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-0207");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'kernel-2.6.18-274.6.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.18-274.6.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-274.6.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-274.6.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.18-274.6.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-2.6.18-274.6.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-devel-2.6.18-274.6.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-274.6.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-274.6.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-274.6.AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-274.6.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / etc');
}

19 Jan 2026 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 27.8

CVSS 3.17.5

EPSS0.11746