The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1477-1 advisory.
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
(CVE-2021-35477)
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)
kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:1477-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155358);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/23");
script_cve_id(
"CVE-2018-13405",
"CVE-2021-3542",
"CVE-2021-3655",
"CVE-2021-3715",
"CVE-2021-3760",
"CVE-2021-3772",
"CVE-2021-3896",
"CVE-2021-33033",
"CVE-2021-34556",
"CVE-2021-35477",
"CVE-2021-41864",
"CVE-2021-42008",
"CVE-2021-42252",
"CVE-2021-42739",
"CVE-2021-43056"
);
script_name(english:"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1477-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:1477-1 advisory.
- The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create
files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and
is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a
plain file whose group ownership is that group. The intended behavior was that the non-member can trigger
creation of a directory (but not a plain file) whose group ownership is that group. The non-member can
escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)
- The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because
the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads
to writing an arbitrary value. (CVE-2021-33033)
- In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from
kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects
the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a
reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of
this candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2021-3542)
- In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from
kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store
operation does not necessarily occur before a store operation that has an attacker-controlled value.
(CVE-2021-35477)
- A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on
inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)
- kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a
reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of
this candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2021-3896)
- prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows
unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds
write. (CVE-2021-41864)
- The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab
out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)
- An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux
kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite
memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a
certain comparison uses values that are not memory sizes. (CVE-2021-42252)
- The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt
mishandles bounds checking. (CVE-2021-42739)
- An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to
crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S
implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1085030");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1100416");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1129735");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1152489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1154353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1157177");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1167773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173604");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184673");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186109");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187167");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188563");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188876");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188983");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189841");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190006");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190349");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190479");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190795");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190941");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191229");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191238");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191241");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191315");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191317");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191343");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191349");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191384");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191449");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191450");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191451");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191452");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191456");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191628");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191731");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191800");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191934");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191958");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192036");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192040");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192041");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192145");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192267");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192549");
# https://lists.opensuse.org/archives/list/[email protected]/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7ad35c01");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-13405");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33033");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-34556");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3542");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-35477");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3655");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3715");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3760");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3772");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3896");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-41864");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42008");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42252");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42739");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-43056");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3760");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-42252");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/06");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'kernel-debug-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-macros-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-obs-build-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-obs-qa-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-vanilla-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-syms-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug / kernel-debug-devel / kernel-default / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | kernel-debug | p-cpe:/a:novell:opensuse:kernel-debug |
novell | opensuse | kernel-debug-devel | p-cpe:/a:novell:opensuse:kernel-debug-devel |
novell | opensuse | kernel-default | p-cpe:/a:novell:opensuse:kernel-default |
novell | opensuse | kernel-default-base | p-cpe:/a:novell:opensuse:kernel-default-base |
novell | opensuse | kernel-default-base-rebuild | p-cpe:/a:novell:opensuse:kernel-default-base-rebuild |
novell | opensuse | kernel-default-devel | p-cpe:/a:novell:opensuse:kernel-default-devel |
novell | opensuse | kernel-devel | p-cpe:/a:novell:opensuse:kernel-devel |
novell | opensuse | kernel-kvmsmall | p-cpe:/a:novell:opensuse:kernel-kvmsmall |
novell | opensuse | kernel-kvmsmall-devel | p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel |
novell | opensuse | kernel-macros | p-cpe:/a:novell:opensuse:kernel-macros |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3715
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42739
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43056
www.nessus.org/u?7ad35c01
bugzilla.suse.com/1065729
bugzilla.suse.com/1085030
bugzilla.suse.com/1100416
bugzilla.suse.com/1129735
bugzilla.suse.com/1152489
bugzilla.suse.com/1154353
bugzilla.suse.com/1156395
bugzilla.suse.com/1157177
bugzilla.suse.com/1167773
bugzilla.suse.com/1172073
bugzilla.suse.com/1173604
bugzilla.suse.com/1176940
bugzilla.suse.com/1184673
bugzilla.suse.com/1185762
bugzilla.suse.com/1186109
bugzilla.suse.com/1187167
bugzilla.suse.com/1188563
bugzilla.suse.com/1188876
bugzilla.suse.com/1188983
bugzilla.suse.com/1188985
bugzilla.suse.com/1189841
bugzilla.suse.com/1190006
bugzilla.suse.com/1190067
bugzilla.suse.com/1190349
bugzilla.suse.com/1190351
bugzilla.suse.com/1190479
bugzilla.suse.com/1190620
bugzilla.suse.com/1190642
bugzilla.suse.com/1190795
bugzilla.suse.com/1190941
bugzilla.suse.com/1191229
bugzilla.suse.com/1191238
bugzilla.suse.com/1191241
bugzilla.suse.com/1191315
bugzilla.suse.com/1191317
bugzilla.suse.com/1191343
bugzilla.suse.com/1191349
bugzilla.suse.com/1191384
bugzilla.suse.com/1191449
bugzilla.suse.com/1191450
bugzilla.suse.com/1191451
bugzilla.suse.com/1191452
bugzilla.suse.com/1191455
bugzilla.suse.com/1191456
bugzilla.suse.com/1191628
bugzilla.suse.com/1191731
bugzilla.suse.com/1191800
bugzilla.suse.com/1191934
bugzilla.suse.com/1191958
bugzilla.suse.com/1192036
bugzilla.suse.com/1192040
bugzilla.suse.com/1192041
bugzilla.suse.com/1192107
bugzilla.suse.com/1192145
bugzilla.suse.com/1192267
bugzilla.suse.com/1192549
www.suse.com/security/cve/CVE-2018-13405
www.suse.com/security/cve/CVE-2021-33033
www.suse.com/security/cve/CVE-2021-34556
www.suse.com/security/cve/CVE-2021-3542
www.suse.com/security/cve/CVE-2021-35477
www.suse.com/security/cve/CVE-2021-3655
www.suse.com/security/cve/CVE-2021-3715
www.suse.com/security/cve/CVE-2021-3760
www.suse.com/security/cve/CVE-2021-3772
www.suse.com/security/cve/CVE-2021-3896
www.suse.com/security/cve/CVE-2021-41864
www.suse.com/security/cve/CVE-2021-42008
www.suse.com/security/cve/CVE-2021-42252
www.suse.com/security/cve/CVE-2021-42739
www.suse.com/security/cve/CVE-2021-43056