The openSUSE Leap 42.1 kernel has been updated to fix a security issue :
- CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).
{"nessus": [{"lastseen": "2021-08-19T12:38:44", "description": "The openSUSE 14.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\nThe following non-security bugs were fixed :\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).\n\n - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).\n\n - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (bsc#1014120).\n\n - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120).\n\n - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() (bsc#1014120).\n\n - drm/i915: Enable polling when we do not have hpd (bsc#1014120).\n\n - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913).\n\n - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions (bsc#1011913).\n\n - i2c: designware: Prevent runtime suspend during adapter registration (bsc#1011913).\n\n - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT (bsc#1011913).\n\n - i2c: designware: retry transfer on transient failure (bsc#1011913).\n\n - powerpc/xmon: Add xmon command to dump process/task similar to ps(1) (fate#322020).\n\n - sched/fair: Fix incorrect task group ->load_avg (bsc#981825).\n\n - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).\n\n - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606).\n\n - x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827).", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1438.NASL", "href": "https://www.tenable.com/plugins/nessus/95744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1438.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95744);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1438)\");\n script_summary(english:\"Check for the openSUSE-2016-1438 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 14.2 kernel was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\nThe following non-security bugs were fixed :\n\n - 8250_pci: Fix potential use-after-free in error path\n (bsc#1013001).\n\n - block_dev: do not test bdev->bd_contains when it is not\n stable (bsc#1008557).\n\n - drm/i915/vlv: Disable HPD in\n valleyview_crt_detect_hotplug() (bsc#1014120).\n\n - drm/i915/vlv: Make intel_crt_reset() per-encoder\n (bsc#1014120).\n\n - drm/i915/vlv: Reset the ADPA in\n vlv_display_power_well_init() (bsc#1014120).\n\n - drm/i915: Enable polling when we do not have hpd\n (bsc#1014120).\n\n - i2c: designware-baytrail: Add support for cherrytrail\n (bsc#1011913).\n\n - i2c: designware-baytrail: Pass dw_i2c_dev into helper\n functions (bsc#1011913).\n\n - i2c: designware: Prevent runtime suspend during adapter\n registration (bsc#1011913).\n\n - i2c: designware: Use transfer timeout from ioctl\n I2C_TIMEOUT (bsc#1011913).\n\n - i2c: designware: retry transfer on transient failure\n (bsc#1011913).\n\n - powerpc/xmon: Add xmon command to dump process/task\n similar to ps(1) (fate#322020).\n\n - sched/fair: Fix incorrect task group ->load_avg\n (bsc#981825).\n\n - serial: 8250_pci: Detach low-level driver during PCI\n error recovery (bsc#1013001).\n\n - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY\n state (bsc#1003606).\n\n - x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs\n (bsc#1006827).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.36-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.36-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.36-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.36-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T15:17:29", "description": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. (CVE-2016-9576)\n\nImpact\n\nThis vulnerability may allow locally authenticated users to read or write to arbitrary kernel memory locations or cause a denial of service (DoS).\n\nNote : The exploit requires local shell access and can provide a user with root access to the system. On BIG-IP systems, shell access includes root privileges, making this exploit unnecessary.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K05513373)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9576"], "modified": "2019-07-17T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL05513373.NASL", "href": "https://www.tenable.com/plugins/nessus/104366", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K05513373.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104366);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/07/17 16:36:41\");\n\n script_cve_id(\"CVE-2016-9576\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K05513373)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The blk_rq_map_user_iov function in block/blk-map.c in the Linux\nkernel before 4.8.14 does not properly restrict the type of iterator,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device. (CVE-2016-9576)\n\nImpact\n\nThis vulnerability may allow locally authenticated users to read or\nwrite to arbitrary kernel memory locations or cause a denial of\nservice (DoS).\n\nNote : The exploit requires local shell access and can provide a user\nwith root access to the system. On BIG-IP systems, shell access\nincludes root privileges, making this exploit unnecessary.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K05513373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K05513373.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K05513373\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.5\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2\",\"11.5.5\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:34:27", "description": "The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 .", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-786)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-786.NASL", "href": "https://www.tenable.com/plugins/nessus/96632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-786.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96632);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2016-10088\");\n script_xref(name:\"ALAS\", value:\"2017-786\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-786)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sg implementation in the Linux kernel did not properly restrict\nwrite operations in situations where the KERNEL_DS option is set,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device, related to block/bsg.c and\ndrivers/scsi/sg.c. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2016-9576 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-786.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.41-36.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.41-36.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-02T17:04:48", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive two security fixes. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3217-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3217-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96080);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3217-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to receive two\nsecurity fixes. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163217-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dea505c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1876=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1876=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2016-1876=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_63-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_63-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_63-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.60-52.63.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.60-52.63.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-02T17:04:48", "description": "The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3248-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3248-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96089);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3248-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP 3 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163248-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3055a6c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-kernel-12909=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-kernel-12909=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-kernel-12909=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-12909=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-12909=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-kernel-12909=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-12909=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.93.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:28", "description": "The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3188-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3188-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3188-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96033);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3188-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163188-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbea09e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1845=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1845=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1845=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2016-1845=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2016-1845=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1845=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-60.64.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-60.64.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T15:15:49", "description": "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\nImpact\n\nThis vulnerability may allowlocally authenticated users to read or write to arbitrary kernel memory locations or cause a denial of service (DoS).\n\nNote : The exploit requires local shell access and can provide a user with root access to the system. On BIG-IP systems, shell access includes root privileges, making this exploit unnecessary.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K54610514)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL54610514.NASL", "href": "https://www.tenable.com/plugins/nessus/104307", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K54610514.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104307);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9576\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K54610514)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sg implementation in the Linux kernel through 4.9 does not\nproperly restrict write operations in situations where the KERNEL_DS\noption is set, which allows local users to read or write to arbitrary\nkernel memory locations or cause a denial of service (use-after-free)\nby leveraging access to a /dev/sg device, related to block/bsg.c and\ndrivers/scsi/sg.c. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\nImpact\n\nThis vulnerability may allowlocally authenticated users to read or\nwrite to arbitrary kernel memory locations or cause a denial of\nservice (DoS).\n\nNote : The exploit requires local shell access and can provide a user\nwith root access to the system. On BIG-IP systems, shell access\nincludes root privileges, making this exploit unnecessary.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K54610514\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K54610514.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K54610514\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2-11.6.3\",\"11.5.5\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.2\",\"11.6.0-11.6.1\",\"11.4.0-11.5.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0.4\",\"13.0.1\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:30", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3203-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3203-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3203-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95991);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3203-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163203-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97fbcf94\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-linux-kernel-12901=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-linux-kernel-12901=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-linux-kernel-12901=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-linux-kernel-12901=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-91.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-91.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:18", "description": "The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3252-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3252-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3252-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96137);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:3252-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP 2 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163252-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b5650a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-kernel-12915=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-kernel-12915=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-source-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-syms-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.7.47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.7.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:02", "description": "The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3146-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3146-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3146-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95806);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3146-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two\nsecurity issues. The following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163146-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2f4f7e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2016-1815=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2016-1815=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1815=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.21-90.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.21-90.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:02", "description": "The openSUSE 13.1 kernel was updated to fix two security issues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1454)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch", "p-cpe:/a:novell:opensuse:openvswitch-controller", "p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-pki", "p-cpe:/a:novell:opensuse:openvswitch-switch", "p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-test", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch", "p-cpe:/a:novell:opensuse:python-openvswitch-test", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1454.NASL", "href": "https://www.tenable.com/plugins/nessus/95789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1454.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95789);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1454)\");\n script_summary(english:\"Check for the openSUSE-2016-1454 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.1 kernel was updated to fix two security issues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9576: A use-after-free vulnerability in the\n SCSI generic driver allows users with write access to\n /dev/sg* or /dev/bsg* to elevate their privileges\n (bsc#1013604).\n\n - CVE-2016-9794: A use-after-free vulnerability in the\n ALSA pcm layer allowed local users to cause a denial of\n service, memory corruption or possibly even to elevate\n their privileges (bsc#1013533).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-pki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.12.67_64-11.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.12.67_64-16.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.21.1_k3.12.67_64-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.67_64-13.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-macros-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.21.1-2.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.67_64-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-debuginfo-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debuginfo-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debugsource-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.67_64-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-pki-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-debuginfo-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-test-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.12.67_64-258.41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-test-1.11.0-0.47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-debugsource-20130607-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-debuginfo-20130607_k3.12.67_64-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.67_64-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-source-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.36-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.4_10_k3.12.67_64-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.12.67_64-2.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.4_10-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.4_10-73.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:23:18", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0267-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0267-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96761);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170267-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1ede93f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-142=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-142=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_60-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_60-xen-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-25T13:34:19", "description": "The 4.8.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2016-107f03cc00)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-107F03CC00.NASL", "href": "https://www.tenable.com/plugins/nessus/95726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-107f03cc00.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95726);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"FEDORA\", value:\"2016-107f03cc00\");\n\n script_name(english:\"Fedora 25 : kernel (2016-107f03cc00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-107f03cc00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-107f03cc00\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.8.13-300.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-25T13:34:18", "description": "The 4.8.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-5cb5b4082d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-5CB5B4082D.NASL", "href": "https://www.tenable.com/plugins/nessus/95727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5cb5b4082d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95727);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"FEDORA\", value:\"2016-5cb5b4082d\");\n\n script_name(english:\"Fedora 24 : kernel (2016-5cb5b4082d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cb5b4082d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-5cb5b4082d\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.8.13-200.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-25T13:34:47", "description": "The 4.8.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel (2016-5aff4a6bbc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-5AFF4A6BBC.NASL", "href": "https://www.tenable.com/plugins/nessus/95778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5aff4a6bbc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95778);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"FEDORA\", value:\"2016-5aff4a6bbc\");\n\n script_name(english:\"Fedora 23 : kernel (2016-5aff4a6bbc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5aff4a6bbc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8655\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-5aff4a6bbc\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.8.13-100.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:22:42", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0246-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0246-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96699", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0246-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96699);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0246-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170246-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f82e4209\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-127=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-127=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_54-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_54-xen-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:23:41", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0244-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0244-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96697", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0244-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96697);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0244-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170244-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c053c165\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-130=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-130=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_42-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_42-xen-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:22:59", "description": "This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0268-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0268-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0268-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96762);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0268-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170268-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d7d4dc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-141=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-141=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_39-default-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_39-xen-7-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:22:43", "description": "This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0248-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0248-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96701);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0248-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170248-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34381861\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-128=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-128=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_49-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_49-xen-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:23:19", "description": "This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0249-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0249-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0249-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96702);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0249-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170249-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e160d2a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-129=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-129=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_45-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_45-xen-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:22:25", "description": "This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0245-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0245-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96698", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0245-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96698);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0245-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170245-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf61bef4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-126=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-126=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_57-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_57-xen-3-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:23:40", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0247-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8632", "CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0247-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0247-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96700);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0247-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170247-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f5a1a33\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-131=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-131=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_34-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_34-xen-8-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:10:06", "description": "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. (CVE-2016-9576)\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.\n(CVE-2016-9793)\n\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out of bounds read by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399)\n\nAlgorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a 'mcryptd(alg)' name construct. This causes mcryptd to crash the kernel if an arbitrary 'alg' is incompatible and not intended to be used with mcryptd.\n(CVE-2016-10147)\n\n(Updated on 2017-01-19: CVE-2016-8399 was fixed in this release but was previously not part of this errata.)\n\n(Updated on 2017-02-22: CVE-2016-10147 was fixed in this release but was previously not part of this errata.)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-782)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10147", "CVE-2016-8399", "CVE-2016-8650", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-782.NASL", "href": "https://www.tenable.com/plugins/nessus/96284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-782.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96284);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2016-10147\", \"CVE-2016-8399\", \"CVE-2016-8650\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"ALAS\", value:\"2017-782\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-782)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel key management subsystem in which\na local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650)\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux\nkernel before 4.8.14 does not properly restrict the type of iterator,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device. (CVE-2016-9576)\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel\nbefore 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf,\nwhich allows local users to cause a denial of service (memory\ncorruption and system crash) or possibly have unspecified other impact\nby leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\nsystem call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.\n(CVE-2016-9793)\n\nA flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out of bounds\nread by creating a smaller-than-expected ICMP header and sending to\nits destination via sendto(). (CVE-2016-8399)\n\nAlgorithms not compatible with mcryptd could be spawned by mcryptd\nwith a direct crypto_alloc_tfm invocation using a 'mcryptd(alg)' name\nconstruct. This causes mcryptd to crash the kernel if an arbitrary\n'alg' is incompatible and not intended to be used with mcryptd.\n(CVE-2016-10147)\n\n(Updated on 2017-01-19: CVE-2016-8399 was fixed in this release but\nwas previously not part of this errata.)\n\n(Updated on 2017-02-22: CVE-2016-10147 was fixed in this release but\nwas previously not part of this errata.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-782.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.39-34.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:22:53", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083) (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-09T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/97079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97079);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8630\", \"CVE-2016-8646\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad\n Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083)\n (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to\n blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931]\n (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference\n (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387]\n (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417799]\n (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799]\n (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err\n (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value\n tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu)\n [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus\n (David Vrabel)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23a1489f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.27.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.27.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:35:52", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3514.NASL", "href": "https://www.tenable.com/plugins/nessus/97057", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3514.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97057);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8630\",\n \"CVE-2016-8646\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9576\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is\n enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer\n overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine\n confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which\n allows local users to cause a denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3514.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9576\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.27.el6uek', '4.1.12-61.1.27.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3514');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.27.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.27.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.27.el6uek / dtrace-modules-4.1.12-61.1.27.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-15T15:19:14", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-10088)\n\n - When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136)\n\n - A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.\n (CVE-2016-7910)\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576)\n\n - A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251)\n\n - A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system. (CVE-2017-1000253)\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.\n (CVE-2017-6074)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0113)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-6136", "CVE-2016-7910", "CVE-2016-9576", "CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-6074"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0113. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127351);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2016-6136\",\n \"CVE-2016-7910\",\n \"CVE-2016-9576\",\n \"CVE-2016-10088\",\n \"CVE-2017-6074\",\n \"CVE-2017-1000251\",\n \"CVE-2017-1000253\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0113)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - It was found that the fix for CVE-2016-9576 was\n incomplete: the Linux kernel's sg implementation did not\n properly restrict write operations in situations where\n the KERNEL_DS option is set. A local attacker to read or\n write to arbitrary kernel memory locations or cause a\n denial of service (use-after-free) by leveraging write\n access to a /dev/sg device. (CVE-2016-10088)\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands. (CVE-2016-6136)\n\n - A flaw was found in the Linux kernel's implementation of\n seq_file where a local attacker could manipulate memory\n in the put() function pointer. This could lead to memory\n corruption and possible privileged escalation.\n (CVE-2016-7910)\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a /dev/sg\n device. (CVE-2016-9576)\n\n - A stack buffer overflow flaw was found in the way the\n Bluetooth subsystem of the Linux kernel processed\n pending L2CAP configuration responses from a client. On\n systems with the stack protection feature enabled in the\n kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on\n all architectures other than s390x and ppc64[le]), an\n unauthenticated attacker able to initiate a connection\n to a system via Bluetooth could use this flaw to crash\n the system. Due to the nature of the stack protection\n feature, code execution cannot be fully ruled out,\n although we believe it is unlikely. On systems without\n the stack protection feature (ppc64[le]; the Bluetooth\n modules are not built on s390x), an unauthenticated\n attacker able to initiate a connection to a system via\n Bluetooth could use this flaw to remotely execute\n arbitrary code on the system with ring 0 (kernel)\n privileges. (CVE-2017-1000251)\n\n - A flaw was found in the way the Linux kernel loaded ELF\n executables. Provided that an application was built as\n Position Independent Executable (PIE), the loader could\n allow part of that application's data segment to map\n over the memory area reserved for its stack, potentially\n resulting in memory corruption. An unprivileged local\n user with access to SUID (or otherwise privileged) PIE\n binary could use this flaw to escalate their privileges\n on the system. (CVE-2017-1000253)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for a\n DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option\n is set on the socket. A local, unprivileged user could\n use this flaw to alter the kernel memory, allowing them\n to escalate their privileges on the system.\n (CVE-2017-6074)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0113\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-1000251\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"kernel-2.6.32-642.13.1.el6.cgsl7546\",\n \"kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7442\",\n \"kernel-debug-2.6.32-642.13.1.el6.cgsl7442\",\n \"kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7442\",\n \"kernel-devel-2.6.32-642.13.1.el6.cgsl7546\",\n \"kernel-doc-2.6.32-642.13.1.el6.cgsl7442\",\n \"kernel-firmware-2.6.32-642.13.1.el6.cgsl7546\",\n \"kernel-headers-2.6.32-642.13.1.el6.cgsl7546\",\n \"perf-2.6.32-642.13.1.el6.cgsl7546\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T14:44:52", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-3672", "CVE-2016-7039", "CVE-2016-8666", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1001.NASL", "href": "https://www.tenable.com/plugins/nessus/99848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99848);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ad98c9d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:03:23", "description": "The openSUSE Leap 42.1 kernel to 4.1.38 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down (bsc#1021258).\n\n - CVE-2016-10147: crypto/mcryptd.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5) (bnc#1020381).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 1013542).\n\nThe following non-security bugs were fixed :\n\n - PCI: generic: Fix pci_remap_iospace() failure path (bsc#1019658).\n\n - bcache: partition support: add 16 minors per bcacheN device (bsc#1019784).\n\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019660).\n\n - kABI workaround for 4.1.37 mount changes (stable-4.1.37).\n\n - kABI: reintroduce sk_filter (bsc#1009969).\n\n - kabi/severities: Ignore inode_change_ok change It's renamed in 4.1.37 to setattr_prepare()\n\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n\n - net: introduce __sock_queue_rcv_skb() function (bsc#1009969).\n\n - netback: correct array index (bsc#983348).\n\n - netfront: do not truncate grant references.\n\n - netfront: use correct linear area after linearizing an skb (bsc#1007886).\n\n - reiserfs: fix race in prealloc discard (bsc#987576).\n\n - rose: limit sk_filter trim to payload (bsc#1009969).\n\n - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).\n\n - xenbus: correctly signal errors from xenstored_local_init() (luckily none so far).\n\n - xenbus: do not invoke ->is_ready() for most device states (bsc#987333).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-246)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10147", "CVE-2016-7117", "CVE-2016-7917", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9793", "CVE-2016-9806", "CVE-2017-5551"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-246.NASL", "href": "https://www.tenable.com/plugins/nessus/97138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-246.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97138);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-7117\", \"CVE-2016-7917\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9793\", \"CVE-2016-9806\", \"CVE-2017-5551\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-246)\");\n script_summary(english:\"Check for the openSUSE-2017-246 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel to 4.1.38 to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2017-5551: tmpfs: Fixed a bug that could have\n allowed users to set setgid bits on files they don't\n down (bsc#1021258).\n\n - CVE-2016-10147: crypto/mcryptd.c in the Linux kernel\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) by using an AF_ALG\n socket with an incompatible algorithm, as demonstrated\n by mcryptd(md5) (bnc#1020381).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in\n net/netfilter/nfnetlink.c in the Linux kernel did not\n check whether a batch message's length field is large\n enough, which allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (infinite loop or out-of-bounds read) by\n leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bnc#1013540\n 1017589).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531\n 1013542).\n\nThe following non-security bugs were fixed :\n\n - PCI: generic: Fix pci_remap_iospace() failure path\n (bsc#1019658).\n\n - bcache: partition support: add 16 minors per bcacheN\n device (bsc#1019784).\n\n - bnx2x: Correct ringparam estimate when DOWN\n (bsc#1020214).\n\n - clk: xgene: Do not call __pa on ioremaped address\n (bsc#1019660).\n\n - kABI workaround for 4.1.37 mount changes\n (stable-4.1.37).\n\n - kABI: reintroduce sk_filter (bsc#1009969).\n\n - kabi/severities: Ignore inode_change_ok change It's\n renamed in 4.1.37 to setattr_prepare()\n\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]\n (bsc#1011820).\n\n - net: introduce __sock_queue_rcv_skb() function\n (bsc#1009969).\n\n - netback: correct array index (bsc#983348).\n\n - netfront: do not truncate grant references.\n\n - netfront: use correct linear area after linearizing an\n skb (bsc#1007886).\n\n - reiserfs: fix race in prealloc discard (bsc#987576).\n\n - rose: limit sk_filter trim to payload (bsc#1009969).\n\n - scsi: bfa: Increase requested firmware version to\n 3.2.5.1 (bsc#1013273).\n\n - xenbus: correctly signal errors from\n xenstored_local_init() (luckily none so far).\n\n - xenbus: do not invoke ->is_ready() for most device\n states (bsc#987333).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.38-47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.38-47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.38-47.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.38-47.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.38-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.38-47.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:48:30", "description": "Security Fix(es) :\n\n - It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation- based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n - A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question.\n A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).\n (CVE-2016-2069, Moderate)\n\n - A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.\n (CVE-2016-7042, Moderate)\n\n - It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)\n\n - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.\n (CVE-2016-2384, Low)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-04-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170321)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-6480", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-9576"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170321_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99218);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of a\n fragmentation- based attack against legacy IPv6 nodes\n that do not implement RFC6946. (CVE-2016-10142,\n Moderate)\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is switching\n to a process that uses the paging structure in question.\n A local user could use a thread running with a stale\n cached virtual->physical translation to potentially\n escalate their privileges if the translation in question\n were writable and the physical page got reused for\n something critical (for example, a page table).\n (CVE-2016-2069, Moderate)\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation. A\n local attacker could use this flaw to cause a denial of\n service (out-of-bounds access or system crash) by\n changing a certain size value. (CVE-2016-6480, Moderate)\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a panic\n in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n (CVE-2016-7042, Moderate)\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but doesn't\n clear the setgid bit in a similar way. This could allow\n a local user to gain group privileges via certain setgid\n applications. (CVE-2016-7097, Moderate)\n\n - A flaw was found in the Linux networking subsystem where\n a local attacker with CAP_NET_ADMIN capabilities could\n cause an out-of-bounds memory access by creating a\n smaller-than-expected ICMP header and sending to its\n destination via sendto(). (CVE-2016-8399, Moderate)\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a /dev/sg\n device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a\n double-free error could be triggered for the 'umidi'\n object. An attacker with physical access to the system\n could use this flaw to escalate their privileges.\n (CVE-2016-2384, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=2945\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a733115e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:38:05", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-03-27T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2017:0817)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-6480", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-9576"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0817.NASL", "href": "https://www.tenable.com/plugins/nessus/97962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0817 and \n# CentOS Errata and Security Advisory 2017:0817 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97962);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\");\n script_xref(name:\"RHSA\", value:\"2017:0817\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2017:0817)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe /proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57420c8b\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages. Note that the updated packages\nmay not be immediately available from the package repository and its\nmirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:38:05", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0817 advisory.\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. (CVE-2016-7042)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (CVE-2016-7097)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2017-0817)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-6480", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-9576", "CVE-2017-5551"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0817.NASL", "href": "https://www.tenable.com/plugins/nessus/99074", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-0817.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99074);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-2069\",\n \"CVE-2016-2384\",\n \"CVE-2016-6480\",\n \"CVE-2016-7042\",\n \"CVE-2016-7097\",\n \"CVE-2016-8399\",\n \"CVE-2016-9576\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2017-5551\"\n );\n script_xref(name:\"RHSA\", value:\"2017:0817\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2017-0817)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-0817 advisory.\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges\n by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU\n Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout\n data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading\n the /proc/keys file. (CVE-2016-7042)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr\n call, which allows local users to gain group privileges by leveraging the existence of a setgid program\n with restrictions on execute permissions. (CVE-2016-7097)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications\n of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the\n generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of\n fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing\n fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed,\n unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to\n DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is\n communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain\n extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between\n Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU\n smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as\n required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received\n ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with\n extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS\n scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they\n implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the\n aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an\n attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message\n with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned\n routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-0817.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8399\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-696.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-0817');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-696.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-696.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-696.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-696.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:37:41", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the / proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-03-22T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2017:0817)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-6480", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-9576", "CVE-2017-5551"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0817.NASL", "href": "https://www.tenable.com/plugins/nessus/97886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0817. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97886);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\", \"CVE-2017-5551\");\n script_xref(name:\"RHSA\", value:\"2017:0817\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2017:0817)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe / proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5551\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\", \"CVE-2017-5551\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:0817\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0817\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-01T14:25:46", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.\n\n - It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n\n - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().\n\n - It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.\n\n - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.\n\n - A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.\n\n - When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.\n\n - A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-025)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-6136", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-9555", "CVE-2016-9576", "CVE-2017-6214"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2017-025.NASL", "href": "https://www.tenable.com/plugins/nessus/99106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99106);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2016-2069\",\n \"CVE-2016-2384\",\n \"CVE-2016-6136\",\n \"CVE-2016-6480\",\n \"CVE-2016-6828\",\n \"CVE-2016-7042\",\n \"CVE-2016-7097\",\n \"CVE-2016-8399\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2017-6214\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-025)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality can allow\n a remote attacker to force the kernel to enter a\n condition in which it can loop indefinitely.\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of\n a fragmentation-based attack against legacy IPv6 nodes\n that do not implement RFC6946.\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way. This\n could allow a local user to gain group privileges via\n certain setgid applications.\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a\n panic in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial\n of service (out-of-bounds access or system crash) by\n changing a certain size value.\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands.\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is\n switching to a process that uses the paging structure\n in question. A local user could use a thread running\n with a stale cached virtual->physical translation to\n potentially escalate their privileges if the\n translation in question were writable and the physical\n page got reused for something critical (for example, a\n page table).\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a\n double-free error could be triggered for the 'umidi'\n object. An attacker with physical access to the system\n could use this flaw to escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2777857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2016-2766.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0036.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0293.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0307.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0817.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3674\",\n \"vzkernel-2.6.32-042stab123.1\",\n \"vzkernel-devel-2.6.32-042stab123.1\",\n \"vzkernel-firmware-2.6.32-042stab123.1\",\n \"vzmodules-2.6.32-042stab123.1\",\n \"vzmodules-devel-2.6.32-042stab123.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T15:23:48", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3535 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4700", "CVE-2015-5707", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9576", "CVE-2017-2636", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3535.NASL", "href": "https://www.tenable.com/plugins/nessus/99161", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3535.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99161);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-4700\",\n \"CVE-2015-5707\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2017-2636\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3535 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows\n local users to cause a denial of service (system crash) by creating a packet filter and then loading\n crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications\n of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the\n generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of\n fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing\n fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed,\n unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to\n DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is\n communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain\n extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between\n Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU\n smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as\n required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received\n ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with\n extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS\n scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they\n implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the\n aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an\n attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message\n with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned\n routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause\n a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write\n function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2\n does not restrict a certain length field, which allows local users to gain privileges or cause a denial of\n service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does\n not properly initialize a certain data structure, which allows attackers to obtain sensitive information\n from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations,\n allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not\n properly randomize the legacy base address, which makes it easier for local users to defeat the intended\n restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or\n setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to\n cause a denial of service (system crash) via a crafted application that makes sendto system calls, related\n to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1\n allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in\n required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x\n before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a\n large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3535.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8399\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.294.6.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3535');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.294.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.294.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:02:33", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2012-6704, CVE-2016-9793\n\nEric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading to a denial of service or other security impact. Additionally, in kernel versions prior to 3.5, any user could do this if sysctl net.core.rmem_max was changed to a very large value.\n\nCVE-2015-1350 / #770492\n\nBen Harris reported that local users could remove set-capability attributes from any file visible to them, allowing a denial of service.\n\nCVE-2015-8962\n\nCalvin Owens fouund that removing a SCSI device while it was being accessed through the SCSI generic (sg) driver led to a double- free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could be exploited by local users with permision to access a SCSI device node.\n\nCVE-2015-8963\n\nSasha Levin reported that hot-unplugging a CPU resulted in a use-after-free by the performance events (perf) subsystem, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could by exploited by any local user.\n\nCVE-2015-8964\n\nIt was found that the terminal/serial (tty) subsystem did not reliably reset the terminal buffer state when the terminal line discipline was changed. This could allow a local user with access to a terminal device to read sensitive information from kernel memory.\n\nCVE-2016-7097\n\nJan Kara found that changing the POSIX ACL of a file never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.\n\nCVE-2016-7910\n\nVegard Nossum discovered that a memory allocation failure while handling a read of /proc/diskstats or /proc/partitions could lead to a use-after-free, possibly causing a denial of service (crash or memory corruption) or privilege escalation.\n\nCVE-2016-7911\n\nDmitry Vyukov reported that a race between ioprio_get() and ioprio_set() system calls could result in a use-after-free, possibly causing a denial of service (crash) or leaking sensitive information.\n\nCVE-2016-7915\n\nBenjamin Tissoires found that HID devices could trigger an out-of- bounds memory access in the HID core. A physically present user could possibly use this for denial of service (crash) or to leak sensitive information.\n\nCVE-2016-8399\n\nQidan He reported that the IPv4 ping socket implementation did not validate the length of packets to be sent. A user with permisson to use ping sockets could cause an out-of-bounds read, possibly resulting in a denial of service or information leak. However, on Debian systems no users have permission to create ping sockets by default.\n\nCVE-2016-8633\n\nEyal Itkin reported that the IP-over-Firewire driver (firewire-net) did not validate the offset or length in link-layer fragmentation headers. This allowed a remote system connected by Firewire to write to memory after a packet buffer, leading to a denial of service (crash) or remote code execution.\n\nCVE-2016-8645\n\nMarco Grassi reported that if a socket filter (BPF program) attached to a TCP socket truncates or removes the TCP header, this could cause a denial of service (crash). This was exploitable by any local user.\n\nCVE-2016-8655\n\nPhilip Pettersson found that the implementation of packet sockets (AF_PACKET family) had a race condition between enabling a transmit ring buffer and changing the version of buffers used, which could result in a use-after-free. A local user with the CAP_NET_ADMIN capability could exploit this for privilege escalation.\n\nCVE-2016-9178\n\nAl Viro found that a failure to read data from user memory might lead to a information leak on the x86 architecture (amd64 or i386).\n\nCVE-2016-9555\n\nAndrey Konovalov reported that the SCTP implementation does not validate 'out of the blue' packet chunk lengths early enough. A remote system able could use this to cause a denial of service (crash) or other security impact for systems using SCTP.\n\nCVE-2016-9576, CVE-2016-10088\n\nDmitry Vyukov reported that using splice() with the SCSI generic driver led to kernel memory corruption. Local users with permision to access a SCSI device node could exploit this for privilege escalation.\n\nCVE-2016-9756\n\nDmitry Vyukov reported that KVM for the x86 architecture (amd64 or i386) did not correctly handle the failure of certain instructions that require software emulation on older processors. This could be exploited by guest systems to leak sensitive information or for denial of service (log spam).\n\nCVE-2016-9794\n\nBaozeng Ding reported a race condition in the ALSA (sound) subsystem that could result in a use-after-free. Local users with access to a PCM sound device could exploit this for denial of service (crash or memory corruption) or other security impact.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.84-1. This version also includes bug fixes from upstream version 3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122.\nFinally, this version adds the option to mitigate security issues in the performance events (perf) subsystem by disabling use by unprivileged users. This can be done by setting sysctl kernel.perf_event_paranoid=3.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.39-1 which will be included in the next point release (8.6).\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "Debian DLA-772-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6704", "CVE-2015-1350", "CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-7097", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7915", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8655", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-772.NASL", "href": "https://www.tenable.com/plugins/nessus/96188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-772-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96188);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6704\", \"CVE-2015-1350\", \"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-7097\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7915\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-8655\", \"CVE-2016-9178\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n\n script_name(english:\"Debian DLA-772-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2012-6704, CVE-2016-9793\n\nEric Dumazet found that a local user with CAP_NET_ADMIN capability\ncould set a socket's buffer size to be negative, leading to a denial\nof service or other security impact. Additionally, in kernel versions\nprior to 3.5, any user could do this if sysctl net.core.rmem_max was\nchanged to a very large value.\n\nCVE-2015-1350 / #770492\n\nBen Harris reported that local users could remove set-capability\nattributes from any file visible to them, allowing a denial of\nservice.\n\nCVE-2015-8962\n\nCalvin Owens fouund that removing a SCSI device while it was being\naccessed through the SCSI generic (sg) driver led to a double- free,\npossibly causing a denial of service (crash or memory corruption) or\nprivilege escalation. This could be exploited by local users with\npermision to access a SCSI device node.\n\nCVE-2015-8963\n\nSasha Levin reported that hot-unplugging a CPU resulted in a\nuse-after-free by the performance events (perf) subsystem, possibly\ncausing a denial of service (crash or memory corruption) or privilege\nescalation. This could by exploited by any local user.\n\nCVE-2015-8964\n\nIt was found that the terminal/serial (tty) subsystem did not reliably\nreset the terminal buffer state when the terminal line discipline was\nchanged. This could allow a local user with access to a terminal\ndevice to read sensitive information from kernel memory.\n\nCVE-2016-7097\n\nJan Kara found that changing the POSIX ACL of a file never cleared its\nset-group-ID flag, which should be done if the user changing it is not\na member of the group-owner. In some cases, this would allow the\nuser-owner of an executable to gain the privileges of the group-owner.\n\nCVE-2016-7910\n\nVegard Nossum discovered that a memory allocation failure while\nhandling a read of /proc/diskstats or /proc/partitions could lead to a\nuse-after-free, possibly causing a denial of service (crash or memory\ncorruption) or privilege escalation.\n\nCVE-2016-7911\n\nDmitry Vyukov reported that a race between ioprio_get() and\nioprio_set() system calls could result in a use-after-free, possibly\ncausing a denial of service (crash) or leaking sensitive information.\n\nCVE-2016-7915\n\nBenjamin Tissoires found that HID devices could trigger an out-of-\nbounds memory access in the HID core. A physically present user could\npossibly use this for denial of service (crash) or to leak sensitive\ninformation.\n\nCVE-2016-8399\n\nQidan He reported that the IPv4 ping socket implementation did not\nvalidate the length of packets to be sent. A user with permisson to\nuse ping sockets could cause an out-of-bounds read, possibly resulting\nin a denial of service or information leak. However, on Debian systems\nno users have permission to create ping sockets by default.\n\nCVE-2016-8633\n\nEyal Itkin reported that the IP-over-Firewire driver (firewire-net)\ndid not validate the offset or length in link-layer fragmentation\nheaders. This allowed a remote system connected by Firewire to write\nto memory after a packet buffer, leading to a denial of service\n(crash) or remote code execution.\n\nCVE-2016-8645\n\nMarco Grassi reported that if a socket filter (BPF program) attached\nto a TCP socket truncates or removes the TCP header, this could cause\na denial of service (crash). This was exploitable by any local user.\n\nCVE-2016-8655\n\nPhilip Pettersson found that the implementation of packet sockets\n(AF_PACKET family) had a race condition between enabling a transmit\nring buffer and changing the version of buffers used, which could\nresult in a use-after-free. A local user with the CAP_NET_ADMIN\ncapability could exploit this for privilege escalation.\n\nCVE-2016-9178\n\nAl Viro found that a failure to read data from user memory might lead\nto a information leak on the x86 architecture (amd64 or i386).\n\nCVE-2016-9555\n\nAndrey Konovalov reported that the SCTP implementation does not\nvalidate 'out of the blue' packet chunk lengths early enough. A remote\nsystem able could use this to cause a denial of service (crash) or\nother security impact for systems using SCTP.\n\nCVE-2016-9576, CVE-2016-10088\n\nDmitry Vyukov reported that using splice() with the SCSI generic\ndriver led to kernel memory corruption. Local users with permision to\naccess a SCSI device node could exploit this for privilege escalation.\n\nCVE-2016-9756\n\nDmitry Vyukov reported that KVM for the x86 architecture (amd64 or\ni386) did not correctly handle the failure of certain instructions\nthat require software emulation on older processors. This could be\nexploited by guest systems to leak sensitive information or for denial\nof service (log spam).\n\nCVE-2016-9794\n\nBaozeng Ding reported a race condition in the ALSA (sound) subsystem\nthat could result in a use-after-free. Local users with access to a\nPCM sound device could exploit this for denial of service (crash or\nmemory corruption) or other security impact.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.84-1. This version also includes bug fixes from upstream version\n3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122.\nFinally, this version adds the option to mitigate security issues in\nthe performance events (perf) subsystem by disabling use by\nunprivileged users. This can be done by setting sysctl\nkernel.perf_event_paranoid=3.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.39-1 which will be included in the next point release (8.6).\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.84-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:55", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.(CVE-2016-2067i1/4%0\n\n - Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology.(CVE-2016-8636i1/4%0\n\n - Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.(CVE-2014-3183i1/4%0\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927i1/4%0\n\n - The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816i1/4%0\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-9576i1/4%0\n\n - A security flaw was found in the Linux kernel's networking subsystem that destroying the network interface with huge number of ipv4 addresses assigned keeps 'rtnl_lock' spinlock for a very long time (up to hour). This blocks many network-related operations, including creation of new incoming ssh connections.The problem is especially important for containers, as the container owner has enough permissions to trigger this and block a network access on a whole host, outside the container.(CVE-2016-3156i1/4%0\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.(CVE-2017-8924i1/4%0\n\n - The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.(CVE-2015-1465i1/4%0\n\n - A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9728i1/4%0\n\n - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.(CVE-2013-4387i1/4%0\n\n - It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL.(CVE-2016-1237i1/4%0\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270i1/4%0\n\n - An issue was discovered in the Linux kernel where an integer overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random.(CVE-2018-12896i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.(CVE-2018-18281i1/4%0\n\n - The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.(CVE-2018-1065i1/4%0\n\n - The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.(CVE-2016-9084i1/4%0\n\n - The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138i1/4%0\n\n - It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.(CVE-2016-9604i1/4%0\n\n - An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext.(CVE-2014-8709i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4387", "CVE-2014-3183", "CVE-2014-8709", "CVE-2014-9728", "CVE-2015-1465", "CVE-2015-8816", "CVE-2016-1237", "CVE-2016-2067", "CVE-2016-3138", "CVE-2016-3156", "CVE-2016-8636", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9604", "CVE-2017-18270", "CVE-2017-8924", "CVE-2018-1065", "CVE-2018-12896", "CVE-2018-18281", "CVE-2018-6927"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1522.NASL", "href": "https://www.tenable.com/plugins/nessus/124975", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124975);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4387\",\n \"CVE-2014-3183\",\n \"CVE-2014-8709\",\n \"CVE-2014-9728\",\n \"CVE-2015-1465\",\n \"CVE-2015-8816\",\n \"CVE-2016-1237\",\n \"CVE-2016-2067\",\n \"CVE-2016-3138\",\n \"CVE-2016-3156\",\n \"CVE-2016-8636\",\n \"CVE-2016-9084\",\n \"CVE-2016-9576\",\n \"CVE-2016-9604\",\n \"CVE-2017-18270\",\n \"CVE-2017-8924\",\n \"CVE-2018-1065\",\n \"CVE-2018-12896\",\n \"CVE-2018-18281\",\n \"CVE-2018-6927\"\n );\n script_bugtraq_id(\n 62696,\n 69766,\n 70965,\n 72435,\n 74964\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka\n GPU driver) for the Linux kernel 3.x, as used in\n Qualcomm Innovation Center (QuIC) Android contributions\n for MSM devices and other products, mishandles the\n KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers\n to gain privileges by leveraging accidental read-write\n mappings, aka Qualcomm internal bug\n CR988993.(CVE-2016-2067i1/4%0\n\n - Integer overflow in the mem_check_range function in\n drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel\n before 4.9.10 allows local users to cause a denial of\n service (memory corruption), obtain sensitive\n information from kernel memory, or possibly have\n unspecified other impact via a write or read request\n involving the 'RDMA protocol over infiniband' (aka Soft\n RoCE) technology.(CVE-2016-8636i1/4%0\n\n - Heap-based buffer overflow in the\n logi_dj_ll_raw_request function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel\n before 3.16.2 allows physically proximate attackers to\n cause a denial of service (system crash) or possibly\n execute arbitrary code via a crafted device that\n specifies a large report size for an LED\n report.(CVE-2014-3183i1/4%0\n\n - The futex_requeue function in kernel/futex.c in the\n Linux kernel, before 4.14.15, might allow attackers to\n cause a denial of service (integer overflow) or\n possibly have unspecified other impacts by triggering a\n negative wake or requeue value. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is\n unlikely.(CVE-2018-6927i1/4%0\n\n - The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel before 4.3.5 does not properly\n maintain a hub-interface data structure, which allows\n physically proximate attackers to cause a denial of\n service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device.(CVE-2015-8816i1/4%0\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.(CVE-2016-9576i1/4%0\n\n - A security flaw was found in the Linux kernel's\n networking subsystem that destroying the network\n interface with huge number of ipv4 addresses assigned\n keeps 'rtnl_lock' spinlock for a very long time (up to\n hour). This blocks many network-related operations,\n including creation of new incoming ssh connections.The\n problem is especially important for containers, as the\n container owner has enough permissions to trigger this\n and block a network access on a whole host, outside the\n container.(CVE-2016-3156i1/4%0\n\n - The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allows\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer\n underflow.(CVE-2017-8924i1/4%0\n\n - The IPv4 implementation in the Linux kernel before\n 3.18.8 does not properly consider the length of the\n Read-Copy Update (RCU) grace period for redirecting\n lookups in the absence of caching, which allows remote\n attackers to cause a denial of service (memory\n consumption or system crash) via a flood of\n packets.(CVE-2015-1465i1/4%0\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9728i1/4%0\n\n - net/ipv6/ip6_output.c in the Linux kernel through\n 3.11.4 does not properly determine the need for UDP\n Fragmentation Offload (UFO) processing of small packets\n after the UFO queueing of a large packet, which allows\n remote attackers to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via network traffic that\n triggers a large response packet.(CVE-2013-4387i1/4%0\n\n - It was found that nfsd is missing permissions check\n when setting ACL on files, this may allow a local users\n to gain access to any file by setting a crafted\n ACL.(CVE-2016-1237i1/4%0\n\n - In the Linux kernel before 4.13.5, a local user could\n create keyrings for other users via keyctl commands,\n setting unwanted defaults or causing a denial of\n service.(CVE-2017-18270i1/4%0\n\n - An issue was discovered in the Linux kernel where an\n integer overflow in kernel/time/posix-timers.c in the\n POSIX timer code is caused by the way the overrun\n accounting works. Depending on interval and expiry time\n values, the overrun can be larger than INT_MAX, but the\n accounting is int based. This basically makes the\n accounting values, which are visible to user space via\n timer_getoverrun(2) and siginfo::si_overrun,\n random.(CVE-2018-12896i1/4%0\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19.(CVE-2018-18281i1/4%0\n\n - The netfilter subsystem in the Linux kernel through\n 4.15.7 mishandles the case of a rule blob that contains\n a jump but lacks a user-defined chain, which allows\n local users to cause a denial of service (NULL pointer\n dereference) by leveraging the CAP_NET_RAW or\n CAP_NET_ADMIN capability, related to arpt_do_table in\n net/ipv4/netfilter/arp_tables.c, ipt_do_table in\n net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in\n net/ipv6/netfilter/ip6_tables.c.(CVE-2018-1065i1/4%0\n\n - The use of a kzalloc with an integer multiplication\n allowed an integer overflow condition to be reached in\n vfio_pci_intrs.c. This combined with CVE-2016-9083 may\n allow an attacker to craft an attack and use\n unallocated memory, potentially crashing the\n machine.(CVE-2016-9084i1/4%0\n\n - The acm_probe function in drivers/usb/class/cdc-acm.c\n in the Linux kernel before 4.5.1 allows physically\n proximate attackers to cause a denial of service (NULL\n pointer dereference and system crash) via a USB device\n without both a control and a data endpoint\n descriptor.(CVE-2016-3138i1/4%0\n\n - It was discovered that root can gain direct access to\n an internal keyring, such as '.dns_resolver' in RHEL-7\n or '.builtin_trusted_keys' upstream, by joining it as\n its session keyring. This allows root to bypass module\n signature verification by adding a new public key of\n its own devising to the keyring.(CVE-2016-9604i1/4%0\n\n - An information leak flaw was found in the Linux\n kernel's IEEE 802.11 wireless networking\n implementation. When software encryption was used, a\n remote attacker could use this flaw to leak up to 8\n bytes of plaintext.(CVE-2014-8709i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d7a6c1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:19:06", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product:\n Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935 (bnc#1014746).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug' (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 1013542).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bsc#1019851).\n\n - CVE-2017-2583: Fixed broken emulation of 'MOV SS, null selector' (bsc#1020602).\n\n - CVE-2017-5551: Clear SGID bit when setting file permissions on tmpfs (bsc#1021258).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9806", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5551"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0464-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0464-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97189);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7913\", \"CVE-2016-7914\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9806\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5551\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (use-after-free) by\n leveraging incorrect handling of an swevent data\n structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node\n function in lib/assoc_array.c in the Linux kernel did\n not check whether a slot is a leaf, which allowed local\n users to obtain sensitive information from kernel memory\n or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data structures, as\n demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could enable a local\n malicious application to execute arbitrary code within\n the context of the kernel. This issue is rated as\n Moderate because it first requires compromising a\n privileged process and current compiler optimizations\n restrict access to the vulnerable code. Product:\n Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935 (bnc#1014746).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel, in certain unusual hardware configurations,\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug' (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misuses the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531\n 1013542).\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bnc#1013540\n 1017589).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bsc#1019851).\n\n - CVE-2017-2583: Fixed broken emulation of 'MOV SS, null\n selector' (bsc#1020602).\n\n - CVE-2017-5551: Clear SGID bit when setting file\n permissions on tmpfs (bsc#1021258).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=856380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=857394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=858727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9084/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170464-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a768a9e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-238=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-238=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-238=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-238=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-238=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-238=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.69-60.64.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:03:03", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0230", "CVE-2012-6704", "CVE-2013-6368", "CVE-2015-1350", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-5696", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8646", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9685", "CVE-2016-9756", "CVE-2016-9793", "CVE-2017-5551"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0437-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97097);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-0230\", \"CVE-2012-6704\", \"CVE-2013-6368\", \"CVE-2015-1350\", \"CVE-2015-8962\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-5696\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7916\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-8633\", \"CVE-2016-8646\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9685\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2017-5551\");\n script_bugtraq_id(10183, 64291);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix\n ACLs (bsc#1021258).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device NOTE: this vulnerability existed because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-5696: TCP, when using a large Window Size, made\n it easier for remote attackers to guess sequence numbers\n and cause a denial of service (connection loss) to\n persistent TCP connections by repeatedly injecting a TCP\n RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#989152).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x\n provided an incomplete set of requirements for setattr\n operations that underspecified removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could enable a local\n malicious application to execute arbitrary code within\n the context of the kernel. This issue is rated as\n Moderate because it first requires compromising a\n privileged process and current compiler optimizations\n restrict access to the vulnerable code. (bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1) SO_SNDBUF or\n (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local\n users to cause a denial of service (memory consumption)\n via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacked\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2013-6368: The KVM subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (system crash) via a VAPIC synchronization\n operation involving a page-end address (bnc#853052).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read\n function in fs/proc/base.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a /proc/*/environ file during a\n process-setup time interval in which\n environment-variable copying is incomplete\n (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in\n crypto/algif_hash.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) by attempting\n to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel, in certain unusual hardware configurations,\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=748806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=786036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=790588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=795297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=800999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=821612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=824171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=851603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=853052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=871728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-0230/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6704/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-6368/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5696/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9685/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170437-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?900c1584\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-12977=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-12977=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-12977=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-12977=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-94.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-24T12:31:35", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within\n __sys_recvmmsg() function.(CVE-2016-7117)\n\n - A heap-buffer overflow vulnerability was found in the arcmsr_iop_message_xfer() function in 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux kernel through 4.8.2. The function does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can potentially cause kernel heap corruption and arbitrary kernel code execution.(CVE-2016-7425)\n\n - A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.(CVE-2016-7910)\n\n - A use-after-free vulnerability in sys_ioprio_get() was found due to get_task_ioprio() accessing the task-i1/4zio_context without holding the task lock and could potentially race with exit_io_context(), leading to a use-after-free.(CVE-2016-7911)\n\n - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-7913)\n\n - The assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures.(CVE-2016-7914)\n\n - The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\n - Race condition in the environ_read() function in 'fs/proc/base.c' in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a '/proc/*/environ' file during a process-setup time interval in which environment-variable copying is incomplete.(CVE-2016-7916)\n\n - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().(CVE-2016-8399)\n\n - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630)\n\n - A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver firewire-net in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution.The flaw requires firewire-net module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network.(CVE-2016-8633)\n\n - It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.(CVE-2016-8645)\n\n - A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.(CVE-2016-8646)\n\n - A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.(CVE-2016-8650)\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.(CVE-2016-8655)\n\n - A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.(CVE-2016-8666)\n\n - A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.(CVE-2016-9083)\n\n - The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.(CVE-2016-9084)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.(CVE-2016-9555)\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-9576)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest.(CVE-2016-9588)\n\n - It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.(CVE-2016-9604)\n\n - A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2.\n A dedicated attacker could possible exhaust all memory and create a denial of service situation.(CVE-2016-9685)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1496.NASL", "href": "https://www.tenable.com/plugins/nessus/124819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124819);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-7117\",\n \"CVE-2016-7425\",\n \"CVE-2016-7910\",\n \"CVE-2016-7911\",\n \"CVE-2016-7913\",\n \"CVE-2016-7914\",\n \"CVE-2016-7915\",\n \"CVE-2016-7916\",\n \"CVE-2016-8399\",\n \"CVE-2016-8630\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-8646\",\n \"CVE-2016-8650\",\n \"CVE-2016-8655\",\n \"CVE-2016-8666\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9604\",\n \"CVE-2016-9685\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A use-after-free vulnerability was found in the\n kernel's socket recvmmsg subsystem. This may allow\n remote attackers to corrupt memory and may allow\n execution of arbitrary code. This corruption takes\n place during the error handling routines within\n __sys_recvmmsg() function.(CVE-2016-7117)\n\n - A heap-buffer overflow vulnerability was found in the\n arcmsr_iop_message_xfer() function in\n 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux\n kernel through 4.8.2. The function does not restrict a\n certain length field, which allows local users to gain\n privileges or cause a denial of service via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can\n potentially cause kernel heap corruption and arbitrary\n kernel code execution.(CVE-2016-7425)\n\n - A flaw was found in the Linux kernel's implementation\n of seq_file where a local attacker could manipulate\n memory in the put() function pointer. This could lead\n to memory corruption and possible privileged\n escalation.(CVE-2016-7910)\n\n - A use-after-free vulnerability in sys_ioprio_get() was\n found due to get_task_ioprio() accessing the\n task-i1/4zio_context without holding the task lock and\n could potentially race with exit_io_context(), leading\n to a use-after-free.(CVE-2016-7911)\n\n - The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n before 4.6 allows local users to gain privileges or\n cause a denial of service (use-after-free) via vectors\n involving omission of the firmware name from a certain\n data structure. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-7913)\n\n - The assoc_array_insert_into_terminal_node() function in\n 'lib/assoc_array.c' in the Linux kernel before 4.5.3\n does not check whether a slot is a leaf, which allows\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data\n structures.(CVE-2016-7914)\n\n - The hid_input_field() function in\n 'drivers/hid/hid-core.c' in the Linux kernel before 4.6\n allows physically proximate attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read) by connecting a\n device.(CVE-2016-7915)\n\n - Race condition in the environ_read() function in\n 'fs/proc/base.c' in the Linux kernel before 4.5.4\n allows local users to obtain sensitive information from\n kernel memory by reading a '/proc/*/environ' file\n during a process-setup time interval in which\n environment-variable copying is\n incomplete.(CVE-2016-7916)\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().(CVE-2016-8399)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - A buffer overflow vulnerability due to a lack of input\n filtering of incoming fragmented datagrams was found in\n the IP-over-1394 driver firewire-net in a fragment\n handling code in the Linux kernel. The vulnerability\n exists since firewire supported IPv4, i.e. since\n version 2.6.31 (year 2009) till version v4.9-rc4. A\n maliciously formed fragment with a respectively large\n datagram offset would cause a memcpy() past the\n datagram buffer, which would cause a system panic or\n possible arbitrary code execution.The flaw requires\n firewire-net module to be loaded and is remotely\n exploitable from connected firewire devices, but not\n over a local network.(CVE-2016-8633)\n\n - It was discovered that the Linux kernel since 3.6-rc1\n with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG()\n statement in tcp_collapse() function after making a\n number of certain syscalls leading to a possible system\n crash.(CVE-2016-8645)\n\n - A vulnerability was found in the Linux kernel. An\n unprivileged local user could trigger oops in\n shash_async_export() by attempting to force the\n in-kernel hashing algorithms into decrypting an empty\n data set.(CVE-2016-8646)\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key.(CVE-2016-8650)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets\n implementation in the Linux kernel networking subsystem\n handled synchronization while creating the TPACKET_V3\n ring buffer. A local user able to open a raw packet\n socket (requires the CAP_NET_RAW capability) could use\n this flaw to elevate their privileges on the\n system.(CVE-2016-8655)\n\n - A flaw was found in the way the Linux kernel's\n networking subsystem handled offloaded packets with\n multiple layers of encapsulation in the GRO (Generic\n Receive Offload) code path. A remote attacker could use\n this flaw to trigger unbounded recursion in the kernel\n that could lead to stack corruption, resulting in a\n system crash.(CVE-2016-8666)\n\n - A flaw was discovered in the Linux kernel's\n implementation of VFIO. An attacker issuing an ioctl\n can create a situation where memory is corrupted and\n modify memory outside of the expected area. This may\n overwrite kernel memory and subvert kernel\n execution.(CVE-2016-9083)\n\n - The use of a kzalloc with an integer multiplication\n allowed an integer overflow condition to be reached in\n vfio_pci_intrs.c. This combined with CVE-2016-9083 may\n allow an attacker to craft an attack and use\n unallocated memory, potentially crashing the\n machine.(CVE-2016-9084)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.(CVE-2016-9555)\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.(CVE-2016-9576)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization(nVMX) feature\n enabled(nested=1), is vulnerable to an uncaught\n exception issue. It could occur if an L2 guest was to\n throw an exception which is not handled by an L1\n guest.(CVE-2016-9588)\n\n - It was discovered that root can gain direct access to\n an internal keyring, such as '.dns_resolver' in RHEL-7\n or '.builtin_trusted_keys' upstream, by joining it as\n its session keyring. This allows root to bypass module\n signature verification by adding a new public key of\n its own devising to the keyring.(CVE-2016-9604)\n\n - A flaw was found in the Linux kernel's implementation\n of XFS file attributes. Two memory leaks were detected\n in xfs_attr_shortform_list and xfs_attr3_leaf_list_int\n when running a docker container backed by xfs/overlay2.\n A dedicated attacker could possible exhaust all memory\n and create a denial of service\n situation.(CVE-2016-9685)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1496\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3326f978\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:46:47", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.\n(CVE-2017-7533, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues :\n\nCVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889 CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890 CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685\n\nDocumentation for these issues are available from the Technical Notes document linked to in the References section.\n\nRed Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2017:2669)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8839", "CVE-2016-10088", "CVE-2016-10741", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7533", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-2669.NASL", "href": "https://www.tenable.com/plugins/nessus/103046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2669. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103046);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-10088\", \"CVE-2016-10741\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7533\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"RHSA\", value:\"2017:2669\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2017:2669)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A race condition was found in the Linux kernel, present since\nv3.14-rc1 through v4.12. The race happens between threads of\ninotify_handle_event() and vfs_rename() while running the rename\noperation against the same file. As a result of the race the next slab\ndata or the slab's free list pointer can be corrupted with\nattacker-controlled data, which may lead to the privilege escalation.\n(CVE-2017-7533, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not\nproperly validate layout type when processing NFSv4 pNFS LAYOUTGET and\nGETDEVICEINFO operands. A remote attacker could use this flaw to\nsoft-lockup the system and thus cause denial of service.\n(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security\nissues :\n\nCVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097\nCVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671\nCVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889\nCVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890\nCVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685\n\nDocumentation for these issues are available from the Technical Notes\ndocument linked to in the References section.\n\nRed Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The\nUniversity of Hong Kong), and Shixiong Zhao (The University of Hong\nKong) for reporting CVE-2017-7533 and Marco Grassi for reporting\nCVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina\n(Red Hat); the CVE-2016-7097 issue was discovered by Andreas\nGruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was\ndiscovered by David Howells (Red Hat); and the CVE-2016-9685 issue was\ndiscovered by Qian Cai (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3173821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-10088\", \"CVE-2016-10741\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8645\", \"CVE-2016-9576\", \"CVE-2016-9604\", \"CVE-2016-9685\", \"CVE-2016-9806\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7495\", \"CVE-2017-7533\", \"CVE-2017-7889\", \"CVE-2017-8797\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:2669\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2669\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-693.2.1.rt56.585.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-16T14:58:32", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3533 advisory.\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (CVE-2016-7097)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). (CVE-2016-10147)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. (CVE-2016-3951)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. (CVE-2017-2596)\n\n - arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2016-9756)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. (CVE-2016-8632)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.\n (CVE-2015-8952)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. (CVE-2017-6001)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. (CVE-2017-5897)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8952", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-6786", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9178", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9756", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3533.NASL", "href": "https://www.tenable.com/plugins/nessus/99159", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3533.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99159);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-8952\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-3951\",\n \"CVE-2016-7097\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8632\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-9178\",\n \"CVE-2016-9588\",\n \"CVE-2016-9644\",\n \"CVE-2016-9756\",\n \"CVE-2016-10088\",\n \"CVE-2016-10147\",\n \"CVE-2017-2596\",\n \"CVE-2017-2636\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-6001\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3533 advisory.\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr\n call, which allows local users to gain group privileges by leveraging the existence of a setgid program\n with restrictions on execute permissions. (CVE-2016-7097)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause\n a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write\n function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL\n pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as\n demonstrated by mcryptd(md5). (CVE-2016-10147)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by\n an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2\n does not restrict a certain length field, which allows local users to gain privileges or cause a denial of\n service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations,\n allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically\n proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact\n by inserting a USB device with an invalid USB descriptor. (CVE-2016-3951)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not\n properly randomize the legacy base address, which makes it easier for local users to defeat the intended\n restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or\n setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly\n emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references. (CVE-2017-2596)\n\n - arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in\n certain error cases, which allows local users to obtain sensitive information from kernel stack memory via\n a crafted application. (CVE-2016-9756)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to\n cause a denial of service (system crash) via a crafted application that makes sendto system calls, related\n to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the\n relationship between the minimum fragment length and the maximum packet size, which allows local users to\n gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN\n capability. (CVE-2016-8632)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not\n initialize a certain integer variable, which allows local users to obtain sensitive information from\n kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6\n mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via\n filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.\n (CVE-2015-8952)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1\n allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in\n required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows\n attackers to cause a denial of service (system crash) via (1) an application that makes crafted system\n calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain\n privileges via a crafted application that makes concurrent perf_event_open system calls for moving a\n software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2016-6786. (CVE-2017-6001)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have\n unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds\n access. (CVE-2017-5897)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3533.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6001\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.33.el6uek', '4.1.12-61.1.33.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3533');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.33.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.33.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.33.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.33.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.33.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.33.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.33.el6uek / dtrace-modules-4.1.12-61.1.33.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-16T14:57:39", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3534 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. (CVE-2015-8569)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7446", "CVE-2015-4700", "CVE-2015-5707", "CVE-2015-8569", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-9178", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3534.NASL", "href": "https://www.tenable.com/plugins/nessus/99160", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3534.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99160);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2015-4700\",\n \"CVE-2015-5707\",\n \"CVE-2015-8569\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-8646\",\n \"CVE-2016-9178\",\n \"CVE-2016-9588\",\n \"CVE-2016-9644\",\n \"CVE-2016-9793\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2017-2636\",\n \"CVE-2017-5970\",\n \"CVE-2017-6074\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3534 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows\n local users to cause a denial of service (system crash) by creating a packet filter and then loading\n crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications\n of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the\n generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of\n fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing\n fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed,\n unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to\n DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is\n communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain\n extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between\n Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU\n smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as\n required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received\n ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with\n extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS\n scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they\n implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the\n aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an\n attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message\n with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned\n routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause\n a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write\n function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by\n an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2\n does not restrict a certain length field, which allows local users to gain privileges or cause a denial of\n service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through\n 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted application. (CVE-2015-8569)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does\n not properly initialize a certain data structure, which allows attackers to obtain sensitive information\n from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations,\n allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not\n properly randomize the legacy base address, which makes it easier for local users to defeat the intended\n restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or\n setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to\n cause a denial of service (system crash) via a crafted application that makes sendto system calls, related\n to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not\n initialize a certain integer variable, which allows local users to obtain sensitive information from\n kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1\n allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in\n required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows\n attackers to cause a denial of service (system crash) via (1) an application that makes crafted system\n calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x\n before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a\n large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3534.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8399\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.17.4.el6uek', '3.8.13-118.17.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3534');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.17.4.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.17.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.17.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.17.4.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.17.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.17.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.17.4.el6uek / dtrace-modules-3.8.13-118.17.4.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:03:28", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374).\n\n - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0230", "CVE-2012-6704", "CVE-2015-1350", "CVE-2015-8956", "CVE-2015-8962", "CVE-2015-8964", "CVE-2015-8970", "CVE-2016-0823", "CVE-2016-10088", "CVE-2016-3841", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8646", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9685", "CVE-2016-9756", "CVE-2016-9793", "CVE-2017-5551"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0494-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0494-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97297);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-0230\", \"CVE-2012-6704\", \"CVE-2015-1350\", \"CVE-2015-8956\", \"CVE-2015-8962\", \"CVE-2015-8964\", \"CVE-2015-8970\", \"CVE-2016-0823\", \"CVE-2016-10088\", \"CVE-2016-3841\", \"CVE-2016-6828\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7117\", \"CVE-2016-7425\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7916\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-8633\", \"CVE-2016-8646\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9685\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2017-5551\");\n script_bugtraq_id(10183);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux\n kernel did not verify that a setkey operation has been\n performed on an AF_ALG socket before an accept system\n call is processed, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) via a crafted application that did not supply a\n key, related to the lrw_crypt function in crypto/lrw.c\n (bnc#1008374).\n\n - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix\n ACLs (bsc#1021258).\n\n - CVE-2016-7097: The filesystem implementation in the\n Linux kernel preserves the setgid bit during a setxattr\n call, which allowed local users to gain group privileges\n by leveraging the existence of a setgid program with\n restrictions on execute permissions (bnc#995968).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2004-0230: TCP, when using a large Window Size, made\n it easier for remote attackers to guess sequence numbers\n and cause a denial of service (connection loss) to\n persistent TCP connections by repeatedly injecting a TCP\n RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#969340).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could have enabled a\n local malicious application to execute arbitrary code\n within the context of the kernel bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1) SO_SNDBUF or\n (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-3841: The IPv6 stack in the Linux kernel\n mishandled options data, which allowed local users to\n gain privileges or cause a denial of service\n (use-after-free and system crash) via a crafted sendmsg\n system call (bnc#992566).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local\n users to cause a denial of service (memory consumption)\n via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel\n provided an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacked\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read\n function in fs/proc/base.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a /proc/*/environ file during a\n process-setup time interval in which\n environment-variable copying is incomplete\n (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in\n crypto/algif_hash.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) by attempting\n to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel in certain unusual hardware configurations\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux, when the GNU Compiler\n Collection (gcc) stack protector is enabled, used an\n incorrect buffer size for certain timeout data, which\n allowed local users to cause a denial of service (stack\n memory corruption and panic) by reading the /proc/keys\n file (bnc#1004517).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in\n fs/proc/task_mmu.c in the Linux kernel allowed local\n users to obtain sensitive physical-address information\n by reading a pagemap file (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6828: The tcp_check_send_head function in\n include/net/tcp.h in the Linux kernel did not properly\n maintain certain SACK state after a failed data copy,\n which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system\n crash) via a crafted SACK option (bnc#994296).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=821612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=824171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-0230/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6704/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0823/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7097/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9685/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170494-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b5b010b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-linux-kernel-12992=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-linux-kernel-12992=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-linux-kernel-12992=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-linux-kernel-12992=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-linux-kernel-12992=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-linux-kernel-12992=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-linux-kernel-12992=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin
openSUSE Security Update : the openSUSE Leap 42.1 kernel. (openSUSE-2016-1439)
