ID: REDHAT-RHSA-2013-1490.NASL
Type: nessus
Reporter: Tenable
Modified: 2018-11-10T00:00:00

Description
Updated kernel-rt packages that fix multiple security issues and one
bug are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way IP packets with an Internet Header
Length (ihl) of zero were processed in the skb_flow_dissect() function
in the Linux kernel. A remote attacker could use this flaw to trigger
an infinite loop in the kernel, leading to a denial of service.
(CVE-2013-4348, Important)

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled certain UDP packets when the UDP Fragmentation Offload (UFO)
feature was enabled. A remote attacker could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(CVE-2013-4387, Important)

* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on
the local network could disable IPv6 temporary address generation,
leading to a potential information disclosure. (CVE-2013-0343,
Moderate)

* A flaw was found in the way the Linux kernel handled HID (Human
Interface Device) reports with an out-of-bounds Report ID. An attacker
with physical access to the system could use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2013-2888, Moderate)

* Heap-based buffer overflow flaws were found in the way the
Pantherlord/GreenAsia game controller driver, the Logitech force
feedback drivers, and the Logitech Unifying receivers driver handled
HID reports. An attacker with physical access to the system could use
these flaws to crash the system or, potentially, escalate their
privileges on the system. (CVE-2013-2892, CVE-2013-2893,
CVE-2013-2895, Moderate)

* A NULL pointer dereference flaw was found in the way the N-Trig
touch screen driver handled HID reports. An attacker with physical
access to the system could use this flaw to crash the system,
resulting in a denial of service. (CVE-2013-2896, Moderate)

* An information leak flaw was found in the way the Linux kernel's
device mapper subsystem, under certain conditions, interpreted data
written to snapshot block devices. An attacker could use this flaw to
read data from disk blocks in free space, which are normally
inaccessible. (CVE-2013-4299, Moderate)

* A use-after-free flaw was found in the tun_set_iff() function in the
Universal TUN/TAP device driver implementation in the Linux kernel. A
privileged user could use this flaw to crash the system or,
potentially, further escalate their privileges on the system.
(CVE-2013-4343, Moderate)

* An off-by-one flaw was found in the way the ANSI CPRNG
implementation in the Linux kernel processed non-block size aligned
requests. This could lead to random numbers being generated with less
bits of entropy than expected when ANSI CPRNG was used.
(CVE-2013-4345, Moderate)

* A flaw was found in the way the Linux kernel's IPv6 SCTP
implementation interacted with the IPsec subsystem. This resulted in
unencrypted SCTP packets being sent over the network even though IPsec
encryption was enabled. An attacker able to inspect these SCTP packets
could use this flaw to obtain potentially sensitive information.
(CVE-2013-4350, Moderate)

Red Hat would like to thank Fujitsu for reporting CVE-2013-4299 and
Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue
was discovered by Jason Wang of Red Hat.

Bug fix:

* RoCE appeared to be supported in the MRG Realtime kernel even when
the required user space packages from the HPN channel were not
installed. The Realtime kernel now checks for the HPN channel packages
before exposing the RoCE interfaces. RoCE devices appear as plain
10GigE devices if the needed HPN channel user space packages are not
installed. (BZ#1012993)

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these
issues. The system must be rebooted for this update to take effect.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1490. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");

if (description)
{
  script_id(76669);
  script_version("1.9");
  script_cvs_date("Date: 2018/11/10 11:49:53");

  script_cve_id("CVE-2013-0343", "CVE-2013-2888", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-4299", "CVE-2013-4343", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387");
  script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);
  script_xref(name:"RHSA", value:"2013:1490");

  script_name(english:"RHEL 6 : MRG (RHSA-2013:1490)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated kernel-rt packages that fix multiple security issues and one
bug are now available for Red Hat Enterprise MRG 2.4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way IP packets with an Internet Header
Length (ihl) of zero were processed in the skb_flow_dissect() function
in the Linux kernel. A remote attacker could use this flaw to trigger
an infinite loop in the kernel, leading to a denial of service.
(CVE-2013-4348, Important)
* A flaw was found in the way the Linux kernel's IPv6 implementation
handled certain UDP packets when the UDP Fragmentation Offload (UFO)
feature was enabled. A remote attacker could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(CVE-2013-4387, Important)
* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on
the local network could disable IPv6 temporary address generation,
leading to a potential information disclosure. (CVE-2013-0343,
Moderate)
* A flaw was found in the way the Linux kernel handled HID (Human
Interface Device) reports with an out-of-bounds Report ID. An attacker
with physical access to the system could use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2013-2888, Moderate)
* Heap-based buffer overflow flaws were found in the way the
Pantherlord/GreenAsia game controller driver, the Logitech force
feedback drivers, and the Logitech Unifying receivers driver handled
HID reports. An attacker with physical access to the system could use
these flaws to crash the system or, potentially, escalate their
privileges on the system. (CVE-2013-2892, CVE-2013-2893,
CVE-2013-2895, Moderate)
* A NULL pointer dereference flaw was found in the way the N-Trig
touch screen driver handled HID reports. An attacker with physical
access to the system could use this flaw to crash the system,
resulting in a denial of service. (CVE-2013-2896, Moderate)
* An information leak flaw was found in the way the Linux kernel's
device mapper subsystem, under certain conditions, interpreted data
written to snapshot block devices. An attacker could use this flaw to
read data from disk blocks in free space, which are normally
inaccessible. (CVE-2013-4299, Moderate)
* A use-after-free flaw was found in the tun_set_iff() function in the
Universal TUN/TAP device driver implementation in the Linux kernel. A
privileged user could use this flaw to crash the system or,
potentially, further escalate their privileges on the system.
(CVE-2013-4343, Moderate)
* An off-by-one flaw was found in the way the ANSI CPRNG
implementation in the Linux kernel processed non-block size aligned
requests. This could lead to random numbers being generated with less
bits of entropy than expected when ANSI CPRNG was used.
(CVE-2013-4345, Moderate)
* A flaw was found in the way the Linux kernel's IPv6 SCTP
implementation interacted with the IPsec subsystem. This resulted in
unencrypted SCTP packets being sent over the network even though IPsec
encryption was enabled. An attacker able to inspect these SCTP packets
could use this flaw to obtain potentially sensitive information.
(CVE-2013-4350, Moderate)
Red Hat would like to thank Fujitsu for reporting CVE-2013-4299 and
Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue
was discovered by Jason Wang of Red Hat.
Bug fix :
* RoCE appeared to be supported in the MRG Realtime kernel even when
the required user space packages from the HPN channel were not
installed. The Realtime kernel now checks for the HPN channel packages
before exposing the RoCE interfaces. RoCE devices appear as plain
10GigE devices if the needed HPN channel user space packages are not
installed. (BZ#1012993)
Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these
issues. The system must be rebooted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2013:1490"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4299"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-0343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4345"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2895"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2892"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4350"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Local (credentialed) checks must be enabled and the host must be Red Hat.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

# Only Red Hat Enterprise Linux 6.x is in scope for this advisory.
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

# The installed package list and the CPU architecture are both required.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Use the yum updateinfo data when it was collected; otherwise fall back
# to checking the individual RPM versions.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2013:1490";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;

  # The kernel-rt checks only apply when MRG is installed.
  if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");

  # Check each package against the fixed version from the advisory.
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt")) flag++;
  if (rpm_check(release:"RHEL6", reference:"mrg-rt-release-3.8.13-rt14.25.el6rt")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
  }
}
The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["references", "modified", "sourceData"], "edition": 8, "lastseen": "2018-09-14T11:55:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. 
If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. 
This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. 
The system must be rebooted for this update to take effect.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2018-08-30T19:34:16", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", "https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "http://rhn.redhat.com/errata/RHSA-2013-1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. 
(CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. 
The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:34:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. 
If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. 
This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. 
The system must be rebooted for this update to take effect.", "edition": 9, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "1451de58d1de4e205e0063379b68e90258342ddf730f741ebe6d9b2fd73cb221", "hashmap": [{"hash": "d7671af6991de95548756e619955253b", "key": "published"}, {"hash": "d05d4d1769641e8b73286dd7da1671aa", "key": "references"}, {"hash": "cd1ed6471de58032abf24c7ce63bd4e8", "key": "title"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "5bd5a57d05721707af08d62acbcb240b", "key": "cvelist"}, {"hash": "d92b7de6b45584975dd6eb0454f618c6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f841da43d612555d2a226f563c450e5", "key": "pluginID"}, {"hash": "30078b1944ca2181356c14a8e0a672fa", "key": "cpe"}, {"hash": "dceaa1e717922b419c7603f4e135f1fa", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "9b63769178f5c87ea3f7240d5295b0b1", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2018-11-13T16:47:39", "modified": "2018-11-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2013-4299", "https://access.redhat.com/security/cve/cve-2013-0343", "https://access.redhat.com/security/cve/cve-2013-2896", "https://access.redhat.com/security/cve/cve-2013-4348", "https://access.redhat.com/security/cve/cve-2013-2888", "https://access.redhat.com/security/cve/cve-2013-4350", "https://access.redhat.com/security/cve/cve-2013-4345", "https://access.redhat.com/security/cve/cve-2013-4387", 
"https://access.redhat.com/security/cve/cve-2013-4343", "https://access.redhat.com/security/cve/cve-2013-2892", "https://access.redhat.com/security/cve/cve-2013-2893", "https://access.redhat.com/errata/RHSA-2013:1490", "https://access.redhat.com/security/cve/cve-2013-2895"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. 
(CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. 
The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4350\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 9, "lastseen": "2018-11-13T16:47:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. 
If the IPv6 privacy extension was enabled (/proc/ sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/ GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. 
This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. 
The system must be rebooted for this update to take effect.", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "2ce7b6af6270d69d21a27685a4a28f4ca2cc59a551d47f1271c3d2a6c1b90bb9", "hashmap": [{"hash": "d7671af6991de95548756e619955253b", "key": "published"}, {"hash": "7f86b488cde79959076c92cafc9748f6", "key": "modified"}, {"hash": "cd1ed6471de58032abf24c7ce63bd4e8", "key": "title"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "0465fedcd76cba5bf1031251991bcd4a", "key": "description"}, {"hash": "5bd5a57d05721707af08d62acbcb240b", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f841da43d612555d2a226f563c450e5", "key": "pluginID"}, {"hash": "30078b1944ca2181356c14a8e0a672fa", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b63769178f5c87ea3f7240d5295b0b1", "key": "href"}, {"hash": "fd111898f0aca00d28bef6f7afc26e53", "key": "references"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "afe5cfbf76d4df0b098af593770ecf86", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2018-09-12T09:55:30", "modified": "2018-09-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", "https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://access.redhat.com/errata/RHSA-2013:1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/ sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker\non the local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/ GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. 
(CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. 
The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1490.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["references", "description", "modified", "sourceData"], "edition": 7, "lastseen": "2018-09-12T09:55:30"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. 
A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. 
A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. 
The system must be rebooted for this update to take effect.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "016e918d4ef9e804f7a957e4b90cce206fda44eee3d185a85102eb8fd30ae5d1", "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2018-07-30T13:42:37", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", "https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "http://rhn.redhat.com/errata/RHSA-2013-1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. 
(CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. 
The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-30T13:42:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security 
impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. 
(CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. 
RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. The system must be rebooted for this update to take effect.", "edition": 2, "enchantments": {}, "hash": "3aee35470c230727e61c22dbd980dd944cf78cee4af4460d01386ef45809c92d", "hashmap": [{"hash": "d7671af6991de95548756e619955253b", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "cd1ed6471de58032abf24c7ce63bd4e8", "key": "title"}, {"hash": "fa49eede1e9695a00d3f6d851b1f5b3d", "key": "references"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "5bd5a57d05721707af08d62acbcb240b", "key": "cvelist"}, {"hash": "d92b7de6b45584975dd6eb0454f618c6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f841da43d612555d2a226f563c450e5", "key": "pluginID"}, {"hash": "02bf951d20b45419d5256cb8b2caaba8", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b63769178f5c87ea3f7240d5295b0b1", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2017-01-06T02:14:11", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", "https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "http://rhn.redhat.com/errata/RHSA-2013-1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:29:44 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_osvdb_id(90811, 96767, 96771, 96772, 96774, 96775, 97236, 97569, 97888, 98017, 98634);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 
2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. 
An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. 
The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:14:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", 
"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. 
If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. 
This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. 
The system must be rebooted for this update to take effect.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "7b183e44a0d94444d25d5a3fde13eaaf8740d1ec5f0f3f59b5c5d6f4931f01e4", "hashmap": [{"hash": "d7671af6991de95548756e619955253b", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "cd1ed6471de58032abf24c7ce63bd4e8", "key": "title"}, {"hash": "fa49eede1e9695a00d3f6d851b1f5b3d", "key": "references"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "5bd5a57d05721707af08d62acbcb240b", "key": "cvelist"}, {"hash": "d92b7de6b45584975dd6eb0454f618c6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f841da43d612555d2a226f563c450e5", "key": "pluginID"}, {"hash": "02bf951d20b45419d5256cb8b2caaba8", "key": "sourceData"}, {"hash": "30078b1944ca2181356c14a8e0a672fa", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b63769178f5c87ea3f7240d5295b0b1", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2017-10-29T13:35:21", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", "https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "http://rhn.redhat.com/errata/RHSA-2013-1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:29:44 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_osvdb_id(90811, 96767, 96771, 96772, 96774, 96775, 97236, 97569, 97888, 98017, 98634);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. 
(CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. 
The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:35:21"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", "CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important 
security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. 
(CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. 
RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. The system must be rebooted for this update to take effect.", "edition": 1, "hash": "c052ec6115c135736dba686f92a2a265e9ccd7515b5549d2c848a0b709908454", "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2016-09-26T17:23:45", "modified": "2015-06-02T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", "https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "http://rhn.redhat.com/errata/RHSA-2013-1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/06/02 13:55:20 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_osvdb_id(90811, 96767, 96771, 96772, 96774, 96775, 97236, 97569, 97888, 98017, 98634);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 
2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. 
An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. 
The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\n\nif (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\nif 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "cvelist": ["CVE-2013-4345", "CVE-2013-2896", "CVE-2013-2892", "CVE-2013-4387", "CVE-2013-4350", "CVE-2013-0343", "CVE-2013-2895", "CVE-2013-4348", 
"CVE-2013-4343", "CVE-2013-2888", "CVE-2013-4299", "CVE-2013-2893"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length (ihl) of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. 
An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the Pantherlord/GreenAsia game controller driver, the Logitech force feedback drivers, and the Logitech Unifying receivers driver handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch screen driver handled HID reports. An attacker with physical access to the system could use this flaw to crash the system, resulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the Universal TUN/TAP device driver implementation in the Linux kernel. A privileged user could use this flaw to crash the system or, potentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation interacted with the IPsec subsystem. This resulted in unencrypted SCTP packets being sent over the network even though IPsec encryption was enabled. 
An attacker able to inspect these SCTP packets could use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the required user space packages from the HPN channel were not installed. The Realtime kernel now checks for the HPN channel packages before exposing the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the needed HPN channel user space packages are not installed. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these issues. The system must be rebooted for this update to take effect.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "016e918d4ef9e804f7a957e4b90cce206fda44eee3d185a85102eb8fd30ae5d1", "hashmap": [{"hash": "66e0517618637083a3f8de225456bddc", "key": "sourceData"}, {"hash": "d7671af6991de95548756e619955253b", "key": "published"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "cd1ed6471de58032abf24c7ce63bd4e8", "key": "title"}, {"hash": "fa49eede1e9695a00d3f6d851b1f5b3d", "key": "references"}, {"hash": "bf85ac661e90f76efc3e3b625164c738", "key": "cvss"}, {"hash": "5bd5a57d05721707af08d62acbcb240b", "key": "cvelist"}, {"hash": "d92b7de6b45584975dd6eb0454f618c6", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f841da43d612555d2a226f563c450e5", "key": "pluginID"}, {"hash": "30078b1944ca2181356c14a8e0a672fa", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b63769178f5c87ea3f7240d5295b0b1", "key": "href"}, {"hash": 
"b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76669", "id": "REDHAT-RHSA-2013-1490.NASL", "lastseen": "2018-09-01T23:37:46", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "76669", "published": "2014-07-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-4350.html", "https://www.redhat.com/security/data/cve/CVE-2013-4345.html", "https://www.redhat.com/security/data/cve/CVE-2013-2895.html", "https://www.redhat.com/security/data/cve/CVE-2013-4299.html", "https://www.redhat.com/security/data/cve/CVE-2013-2893.html", "https://www.redhat.com/security/data/cve/CVE-2013-2896.html", "https://www.redhat.com/security/data/cve/CVE-2013-4348.html", "https://www.redhat.com/security/data/cve/CVE-2013-4387.html", "https://www.redhat.com/security/data/cve/CVE-2013-4343.html", "http://rhn.redhat.com/errata/RHSA-2013-1490.html", "https://www.redhat.com/security/data/cve/CVE-2013-0343.html", "https://www.redhat.com/security/data/cve/CVE-2013-2892.html", "https://www.redhat.com/security/data/cve/CVE-2013-2888.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. 
A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. 
A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. 
The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-2896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4299.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4387.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1490.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : MRG (RHSA-2013:1490)", "type": "nessus", "viewCount": 3}, "differentElements": ["references", "description", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-01T23:37:46"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "30078b1944ca2181356c14a8e0a672fa"}, {"key": "cvelist", "hash": "5bd5a57d05721707af08d62acbcb240b"}, {"key": "cvss", "hash": "bf85ac661e90f76efc3e3b625164c738"}, {"key": "description", "hash": "5b23cbcc1e9a4d178401f8d5402ea74e"}, {"key": "href", "hash": "9b63769178f5c87ea3f7240d5295b0b1"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, 
{"key": "pluginID", "hash": "3f841da43d612555d2a226f563c450e5"}, {"key": "published", "hash": "d7671af6991de95548756e619955253b"}, {"key": "references", "hash": "d05d4d1769641e8b73286dd7da1671aa"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "dceaa1e717922b419c7603f4e135f1fa"}, {"key": "title", "hash": "cd1ed6471de58032abf24c7ce63bd4e8"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d4df2f03dbc8a68bead3a08387a294b4fdbf2f7aa4cdcbbc3a8dfe9661f6c936", "viewCount": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2013:1490", "RHSA-2013:1449"]}, {"type": "ubuntu", "idList": ["USN-2039-1", "USN-2022-1", "USN-2024-1", "USN-2021-1", "USN-2038-1", "USN-2019-1", "USN-1976-1", "USN-1977-1", "USN-2050-1", "USN-2041-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841643", "OPENVAS:1361412562310841629", "OPENVAS:1361412562310841627", "OPENVAS:841627", "OPENVAS:841626", "OPENVAS:841647", "OPENVAS:1361412562310841626", "OPENVAS:841629", "OPENVAS:841643", "OPENVAS:1361412562310841647"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2021-1.NASL", "UBUNTU_USN-2019-1.NASL", "UBUNTU_USN-2038-1.NASL", "UBUNTU_USN-1976-1.NASL", "UBUNTU_USN-2045-1.NASL", "UBUNTU_USN-2041-1.NASL", "UBUNTU_USN-1977-1.NASL", "ORACLELINUX_ELSA-2013-2583.NASL", "UBUNTU_USN-2049-1.NASL", "ORACLELINUX_ELSA-2014-3002.NASL"]}, {"type": "cve", "idList": ["CVE-2013-2892", "CVE-2013-2888", "CVE-2013-4387", "CVE-2013-2896", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-2895", "CVE-2013-4299", "CVE-2013-0343", "CVE-2013-4345"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29823", "SECURITYVULNS:VULN:13400", "SECURITYVULNS:DOC:30048"]}, {"type": "f5", "idList": ["SOL15299", "F5:K74007441", "F5:K56923528"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-2583", "ELSA-2013-1449", "ELSA-2013-1449-1"]}, {"type": "seebug", "idList": ["SSV:61030"]}, 
{"type": "centos", "idList": ["CESA-2013:1449"]}], "modified": "2019-01-16T20:19:23"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1490. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76669);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4345\", \"CVE-2013-4348\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 62043, 62045, 62048, 62049, 62050, 62360, 62405, 62696, 62740, 63183);\n script_xref(name:\"RHSA\", value:\"2013:1490\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:1490)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and one\nbug are now available for Red Hat Enterprise MRG 2.4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header\nLength (ihl) of zero were processed in the skb_flow_dissect() function\nin the Linux kernel. 
A remote attacker could use this flaw to trigger\nan infinite loop in the kernel, leading to a denial of service.\n(CVE-2013-4348, Important)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash\nthe system or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation,\nleading to a potential information disclosure. (CVE-2013-0343,\nModerate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human\nInterface Device) reports with an out-of-bounds Report ID. An attacker\nwith physical access to the system could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-2888, Moderate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force\nfeedback drivers, and the Logitech Unifying receivers driver handled\nHID reports. An attacker with physical access to the system could use\nthese flaws to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2892, CVE-2013-2893,\nCVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig\ntouch screen driver handled HID reports. An attacker with physical\naccess to the system could use this flaw to crash the system,\nresulting in a denial of service. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's\ndevice mapper subsystem, under certain conditions, interpreted data\nwritten to snapshot block devices. 
An attacker could use this flaw to\nread data from disk blocks in free space, which are normally\ninaccessible. (CVE-2013-4299, Moderate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel. A\nprivileged user could use this flaw to crash the system or,\npotentially, further escalate their privileges on the system.\n(CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG\nimplementation in the Linux kernel processed non-block size aligned\nrequests. This could lead to random numbers being generated with less\nbits of entropy than expected when ANSI CPRNG was used.\n(CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP\nimplementation interacted with the IPsec subsystem. This resulted in\nunencrypted SCTP packets being sent over the network even though IPsec\nencryption was enabled. An attacker able to inspect these SCTP packets\ncould use this flaw to obtain potentially sensitive information.\n(CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and\nStephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue\nwas discovered by Jason Wang of Red Hat.\n\nBug fix :\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when\nthe required user space packages from the HPN channel were not\ninstalled. The Realtime kernel now checks for the HPN channel packages\nbefore exposing the RoCE interfaces. RoCE devices appear as plain\n10GigE devices if the needed HPN channel user space packages are not\ninstalled. (BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these\nissues. 
The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4350\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1490\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.8.13-rt14.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n 
extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "76669", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"]}
{"redhat": [{"lastseen": "2018-12-11T19:41:16", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way IP packets with an Internet Header Length\n(ihl) of zero were processed in the skb_flow_dissect() function in the\nLinux kernel. A remote attacker could use this flaw to trigger an infinite\nloop in the kernel, leading to a denial of service. (CVE-2013-4348,\nImportant)\n\n* A flaw was found in the way the Linux kernel's IPv6 implementation\nhandled certain UDP packets when the UDP Fragmentation Offload (UFO)\nfeature was enabled. A remote attacker could use this flaw to crash the\nsystem or, potentially, escalate their privileges on the system.\n(CVE-2013-4387, Important)\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation, leading\nto a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface\nDevice) reports with an out-of-bounds Report ID. An attacker with physical\naccess to the system could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2013-2888,\nModerate)\n\n* Heap-based buffer overflow flaws were found in the way the\nPantherlord/GreenAsia game controller driver, the Logitech force feedback\ndrivers, and the Logitech Unifying receivers driver handled HID reports.\nAn attacker with physical access to the system could use these flaws to\ncrash the system or, potentially, escalate their privileges on the system.\n(CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the N-Trig touch\nscreen driver handled HID reports. 
An attacker with physical access to the\nsystem could use this flaw to crash the system, resulting in a denial of\nservice. (CVE-2013-2896, Moderate)\n\n* An information leak flaw was found in the way the Linux kernel's device\nmapper subsystem, under certain conditions, interpreted data written to\nsnapshot block devices. An attacker could use this flaw to read data from\ndisk blocks in free space, which are normally inaccessible. (CVE-2013-4299,\nModerate)\n\n* A use-after-free flaw was found in the tun_set_iff() function in the\nUniversal TUN/TAP device driver implementation in the Linux kernel.\nA privileged user could use this flaw to crash the system or, potentially,\nfurther escalate their privileges on the system. (CVE-2013-4343, Moderate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in\nthe Linux kernel processed non-block size aligned requests. This could lead\nto random numbers being generated with less bits of entropy than expected\nwhen ANSI CPRNG was used. (CVE-2013-4345, Moderate)\n\n* A flaw was found in the way the Linux kernel's IPv6 SCTP implementation\ninteracted with the IPsec subsystem. This resulted in unencrypted SCTP\npackets being sent over the network even though IPsec encryption was\nenabled. An attacker able to inspect these SCTP packets could use this flaw\nto obtain potentially sensitive information. (CVE-2013-4350, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan\nMueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered\nby Jason Wang of Red Hat.\n\nBug fix:\n\n* RoCE appeared to be supported in the MRG Realtime kernel even when the\nrequired user space packages from the HPN channel were not installed.\nThe Realtime kernel now checks for the HPN channel packages before exposing\nthe RoCE interfaces. RoCE devices appear as plain 10GigE devices if the\nneeded HPN channel user space packages are not installed. 
(BZ#1012993)\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.8.13-rt14, and correct these issues.\nThe system must be rebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:25", "published": "2013-10-31T04:00:00", "id": "RHSA-2013:1490", "href": "https://access.redhat.com/errata/RHSA-2013:1490", "type": "redhat", "title": "(RHSA-2013:1490) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:45", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr is set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation, leading\nto a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* An information leak flaw was found in the way Linux kernel's device\nmapper subsystem, under certain conditions, interpreted data written to\nsnapshot block devices. An attacker could use this flaw to read data from\ndisk blocks in free space, which are normally inaccessible. (CVE-2013-4299,\nModerate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in\nthe Linux kernel processed non-block size aligned requests. This could lead\nto random numbers being generated with less bits of entropy than expected\nwhen ANSI CPRNG was used. (CVE-2013-4345, Moderate)\n\n* An information leak flaw was found in the way Xen hypervisor emulated the\nOUTS instruction for 64-bit paravirtualized guests. 
A privileged guest user\ncould use this flaw to leak hypervisor stack memory to the guest.\n(CVE-2013-4368, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299, Stephan\nMueller for reporting CVE-2013-4345, and the Xen project for reporting\nCVE-2013-4368.\n\nThis update also fixes the following bug:\n\n* A bug in the GFS2 code prevented glock work queues from freeing\nglock-related memory while the glock memory shrinker repeatedly queued a\nlarge number of demote requests, for example when performing a simultaneous\nbackup of several live GFS2 volumes with a large file count. As a\nconsequence, the glock work queues became overloaded which resulted in a\nhigh CPU usage and the GFS2 file systems being unresponsive for a\nsignificant amount of time. A patch has been applied to alleviate this\nproblem by calling the yield() function after scheduling a certain amount\nof tasks on the glock work queues. The problem can now occur only with\nextremely high work loads. (BZ#1014714)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T11:49:13", "published": "2013-10-22T04:00:00", "id": "RHSA-2013:1449", "href": "https://access.redhat.com/errata/RHSA-2013:1449", "type": "redhat", "title": "(RHSA-2013:1449) Moderate: kernel security and bug fix update", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:10", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. 
(CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (CVE-2013-2140)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens.
A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387)", "modified": "2013-12-03T00:00:00", "published": "2013-12-03T00:00:00", "id": "USN-2039-1", "href": "https://usn.ubuntu.com/2039-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:57", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel.
A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device.
(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387)", "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2022-1", "href": "https://usn.ubuntu.com/2022-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:54", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device.
(CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic.
(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387)", "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2024-1", "href": "https://usn.ubuntu.com/2024-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:35", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled.
A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash).
(CVE-2013-4387)", "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2019-1", "href": "https://usn.ubuntu.com/2019-1/", "title": "Linux kernel (Quantal HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:31", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (CVE-2013-2140)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device.
(CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash).
(CVE-2013-4387)", "modified": "2013-12-03T00:00:00", "published": "2013-12-03T00:00:00", "id": "USN-2038-1", "href": "https://usn.ubuntu.com/2038-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:29", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. 
(CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). 
(CVE-2013-4387)", "modified": "2013-11-08T00:00:00", "published": "2013-11-08T00:00:00", "id": "USN-2021-1", "href": "https://usn.ubuntu.com/2021-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:57", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)", "modified": "2013-09-30T00:00:00", "published": "2013-09-30T00:00:00", "id": "USN-1976-1", "href": "https://usn.ubuntu.com/1976-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:33", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. 
(CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)", "modified": "2013-09-30T00:00:00", "published": "2013-09-30T00:00:00", "id": "USN-1977-1", "href": "https://usn.ubuntu.com/1977-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:26", "bulletinFamily": "unix", "description": "An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel\u2019s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)\n\nDan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2147)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. 
A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when any of CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically proximate attacker can leverage this flaw to cause a denial of service via a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A physically proximate attacker could cause a denial of service (OOPS) or obtain sensitive information from kernel memory via a specially crafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel\u2019s Human Interface Device (HID) subsystem\u2019s support for N-Trig touch screens. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically proximate attacker could exploit this flaw to cause a denial of service (OOPS) via a specially crafted device. (CVE-2013-2899)\n\nA flaw was discovered in the Linux kernel\u2019s dm snapshot facility. 
A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387)\n\nHannes Frederic Sowa discovered a flaw in the Linux kernel\u2019s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470)\n\nAn information leak was discovered in the Linux kernel\u2019s SIOCWANDEV ioctl call. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1444)\n\nAn information leak was discovered in the wanxl ioctl function of the Linux kernel. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1445)", "modified": "2013-12-07T00:00:00", "published": "2013-12-07T00:00:00", "id": "USN-2050-1", "href": "https://usn.ubuntu.com/2050-1/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:58", "bulletinFamily": "unix", "description": "A flaw was discovered in the Linux kernel\u2019s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. 
A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. (CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel\u2019s handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387)\n\nA flaw was discovered in the Linux kernel\u2019s fib6 error-code encoding for IPv6. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service (system crash). (CVE-2013-6431)", "modified": "2013-12-03T00:00:00", "published": "2013-12-03T00:00:00", "id": "USN-2041-1", "href": "https://usn.ubuntu.com/2041-1/", "title": "Linux kernel (Raring HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-04T11:22:24", "bulletinFamily": "scanner", "description": "Check for the Version of linux-ti-omap4", "modified": "2017-12-01T00:00:00", "published": "2013-11-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841627", "id": "OPENVAS:841627", "title": "Ubuntu Update for linux-ti-omap4 USN-2022-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2022_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-2022-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841627);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:26:00 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\",\n \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2022-1\");\n\n tag_insight = \"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. 
A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel whe CONFIG_HID_PICOLCD is enabled. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. 
(CVE-2013-2899)\n\nAlan Chester ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 12.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2022-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2022-1/\");\n script_summary(\"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-235-omap4\", ver:\"3.5.0-235.51\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-11-18T00:00:00", "id": "OPENVAS:1361412562310841627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841627", "title": "Ubuntu Update for linux-ti-omap4 USN-2022-1", "type": "openvas", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2022_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-2022-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841627\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:26:00 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\",\n \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2022-1\");\n\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the handling of ICMPv6\nRouter 
Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. 
A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan Chester ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2022-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2022-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-235-omap4\", ver:\"3.5.0-235.51\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:1361412562310841643", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841643", "title": "Ubuntu Update for linux-ti-omap4 USN-2039-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2039_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-2039-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841643\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:18:47 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2140\", \"CVE-2013-2888\", \"CVE-2013-2889\",\n \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\",\n \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2039-1\");\n\n\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. 
(CVE-2013-2140)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. 
A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2039-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2039-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1441-omap4\", ver:\"3.2.0-1441.60\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-11-18T00:00:00", "id": "OPENVAS:1361412562310841629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841629", "title": "Ubuntu Update for linux-lts-quantal USN-2019-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: gb_ubuntu_USN_2019_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux-lts-quantal USN-2019-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841629\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:51:24 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\",\n \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-2019-1\");\n\n\n script_tag(name:\"affected\", value:\"linux-lts-quantal on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement 
(RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. 
A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan C ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2019-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2019-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-quantal'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-generic\", ver:\"3.5.0-43.66~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:1361412562310841647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841647", "title": "Ubuntu Update for linux USN-2038-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2038_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux USN-2038-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841647\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:29:02 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2140\", \"CVE-2013-2888\", \"CVE-2013-2889\",\n \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\",\n \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2038-1\");\n\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. 
A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. 
A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specia ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2038-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2038-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-generic\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-generic-pae\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-highbank\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-omap\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-powerpc-smp\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-powerpc64-smp\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-virtual\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-05T11:11:07", "bulletinFamily": "scanner", "description": "Check for the Version of linux-lts-quantal", "modified": "2018-02-03T00:00:00", "published": "2013-11-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841629", "id": "OPENVAS:841629", "title": "Ubuntu Update for linux-lts-quantal USN-2019-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2019_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for linux-lts-quantal USN-2019-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841629);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:51:24 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\",\n \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-2019-1\");\n\n tag_insight = \"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. 
(CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel whe CONFIG_HID_PICOLCD is enabled. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2899)\n\nAlan C ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux-lts-quantal on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2019-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2019-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-lts-quantal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-generic\", ver:\"3.5.0-43.66~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-06T13:10:26", "bulletinFamily": "scanner", "description": "Check for the Version of linux-ti-omap4", "modified": "2018-02-05T00:00:00", "published": "2013-12-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841643", "id": "OPENVAS:841643", "title": "Ubuntu Update for linux-ti-omap4 USN-2039-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: gb_ubuntu_USN_2039_1.nasl 8672 2018-02-05 16:39:18Z teissa $\n#\n# Ubuntu Update for linux-ti-omap4 USN-2039-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841643);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:18:47 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2140\", \"CVE-2013-2888\", \"CVE-2013-2889\",\n \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\",\n \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2039-1\");\n\n tag_insight = \"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. 
A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. 
(CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux-ti-omap4 on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2039-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2039-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1441-omap4\", ver:\"3.2.0-1441.60\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": 
"AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-11-18T00:00:00", "id": "OPENVAS:1361412562310841626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841626", "title": "Ubuntu Update for linux USN-2021-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2021_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for linux USN-2021-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841626\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:13:47 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\",\n \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2021-1\");\n\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. 
A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physcially\nproximate attacker can leverage this flaw to cause a denial of service vias\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. 
(CVE-2013-2899)\n\nAlan Chester reported ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2021-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2021-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-generic\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-highbank\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-omap\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-powerpc-smp\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-powerpc64-smp\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, 
"vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:09:44", "bulletinFamily": "scanner", "description": "Check for the Version of linux", "modified": "2018-01-22T00:00:00", "published": "2013-11-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841626", "id": "OPENVAS:841626", "title": "Ubuntu Update for linux USN-2021-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2021_1.nasl 8483 2018-01-22 06:58:04Z teissa $\n#\n# Ubuntu Update for linux USN-2021-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841626);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:13:47 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\",\n \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\",\n \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2021-1\");\n\n tag_insight = \"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. 
(CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service via\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specially crafted device. (CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel when CONFIG_HID_PICOLCD is enabled. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. 
(CVE-2013-2899)\n\nAlan Chester reported ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux on Ubuntu 12.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2021-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2021-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-generic\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-highbank\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-omap\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-powerpc-smp\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-43-powerpc64-smp\", ver:\"3.5.0-43.66\", rls:\"UBUNTU12.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:10:40", "bulletinFamily": "scanner", "description": "Check for the Version of linux", "modified": "2018-01-22T00:00:00", "published": "2013-12-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841647", "id": "OPENVAS:841647", "title": "Ubuntu Update for linux USN-2038-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2038_1.nasl 8483 2018-01-22 06:58:04Z teissa $\n#\n# Ubuntu Update for linux USN-2038-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841647);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 10:29:02 +0530 (Wed, 04 Dec 2013)\");\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2140\", \"CVE-2013-2888\", \"CVE-2013-2889\",\n \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\",\n \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2038-1\");\n\n tag_insight = \"An information leak was discovered in the handling of ICMPv6\nRouter Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A\nremote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently obtain\nsensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP to a\nguest OS. A privileged user in the guest OS could exploit this flaw to\ndestroy data on the disk, even though the guest OS should not be able to\nwrite to the disk. (CVE-2013-2140)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem of\nthe Linux kernel. 
A physically proximate attacker could exploit this flaw\nto execute arbitrary code or cause a denial of service (heap memory\ncorruption) via a specially crafted device that provides an invalid Report\nID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID) subsystem\nwhen CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could\nleverage this flaw to cause a denial of service via a specially crafted\ndevice. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\nof the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically\nproximate attacker could cause a denial of service (heap out-of-bounds\nwrite) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service via\na specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled. A\nphysically proximate attacker could cause a denial of service (OOPS) or\nobtain sensitive information from kernel memory via a specially crafted\ndevice. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human Interface\nDevice (HID) subsystem's support for N-Trig touch screens. A physically\nproximate attacker could exploit this flaw to cause a denial of service\n(OOPS) via a specially crafted device. (CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is enabled. 
A\nphysically proximate attacker could leverage this flaw to cause a denial of\nservice (OOPS) via a specia ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"linux on Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2038-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2038-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-generic\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-generic-pae\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-highbank\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-omap\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-57-powerpc-smp\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-powerpc64-smp\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-57-virtual\", ver:\"3.2.0-57.87\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:17:39", "bulletinFamily": "scanner", "description": "An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. 
(CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service\nvia a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled.\nA physically proximate attacker could cause a denial of service (OOPS)\nor obtain sensitive information from kernel memory via a specially\ncrafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human\nInterface Device (HID) subsystem's support for N-Trig touch screens. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. 
A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-12-04T00:00:00", "id": "UBUNTU_USN-2038-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71205", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2038-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2038-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71205);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2140\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(58795, 60414, 62042, 62043, 62044, 62045, 62046, 62048, 62049, 62050, 62405, 62696);\n script_xref(name:\"USN\", value:\"2038-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2038-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nA flaw was discovered in the Xen subsystem of the Linux kernel when it\nprovides read-only access to a disk that supports TRIM or SCSI UNMAP\nto a guest OS. A privileged user in the guest OS could exploit this\nflaw to destroy data on the disk, even though the guest OS should not\nbe able to write to the disk. (CVE-2013-2140)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. 
(CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service\nvia a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled.\nA physically proximate attacker could cause a denial of service (OOPS)\nor obtain sensitive information from kernel memory via a specially\ncrafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human\nInterface Device (HID) subsystem's support for N-Trig touch screens. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. 
A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2038-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-57-generic\", pkgver:\"3.2.0-57.87\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-57-generic-pae\", pkgver:\"3.2.0-57.87\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-57-highbank\", pkgver:\"3.2.0-57.87\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-57-virtual\", pkgver:\"3.2.0-57.87\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:33", "bulletinFamily": "scanner", "description": "An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. 
(CVE-2013-2888)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service\nvia a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled.\nA physically proximate attacker could cause a denial of service (OOPS)\nor obtain sensitive information from kernel memory via a specially\ncrafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human\nInterface Device (HID) subsystem's support for N-Trig touch screens. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. 
A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-11-09T00:00:00", "id": "UBUNTU_USN-2019-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70802", "title": "Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2019-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2019-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70802);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_xref(name:\"USN\", value:\"2019-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2019-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. 
(CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service\nvia a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled.\nA physically proximate attacker could cause a denial of service (OOPS)\nor obtain sensitive information from kernel memory via a specially\ncrafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human\nInterface Device (HID) subsystem's support for N-Trig touch screens. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. 
A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2019-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.5-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.5.0-43-generic\", pkgver:\"3.5.0-43.66~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:33", "bulletinFamily": "scanner", "description": "An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. 
A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. (CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service\nvia a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled.\nA physically proximate attacker could cause a denial of service (OOPS)\nor obtain sensitive information from kernel memory via a specially\ncrafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human\nInterface Device (HID) subsystem's support for N-Trig touch screens. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. 
A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-11-09T00:00:00", "id": "UBUNTU_USN-2021-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70804", "title": "Ubuntu 12.10 : linux vulnerabilities (USN-2021-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2021-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70804);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\", \"CVE-2013-2899\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_xref(name:\"USN\", value:\"2021-1\");\n\n script_name(english:\"Ubuntu 12.10 : linux vulnerabilities (USN-2021-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate\nattacker could leverage this flaw to cause a denial of service via a\nspecially crafted device. 
(CVE-2013-2889)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when any of CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF are enabled. A physically\nproximate attacker can leverage this flaw to cause a denial of service\nvia a specially crafted device. (CVE-2013-2893)\n\nKees Cook discovered another flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_LOGITECH_DJ is enabled.\nA physically proximate attacker could cause a denial of service (OOPS)\nor obtain sensitive information from kernel memory via a specially\ncrafted device. (CVE-2013-2895)\n\nKees Cook discovered a vulnerability in the Linux Kernel's Human\nInterface Device (HID) subsystem's support for N-Trig touch screens. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2896)\n\nKees Cook discovered yet another flaw in the Human Interface Device\n(HID) subsystem of the Linux kernel when CONFIG_HID_MULTITOUCH is\nenabled. A physically proximate attacker could leverage this flaw to\ncause a denial of service (OOPS) via a specially crafted device.\n(CVE-2013-2897)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PICOLCD is enabled. A\nphysically proximate attacker could exploit this flaw to cause a\ndenial of service (OOPS) via a specially crafted device.\n(CVE-2013-2899)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. 
A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2021-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.5-generic and / or\nlinux-image-3.5-highbank packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-43-generic\", pkgver:\"3.5.0-43.66\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-43-highbank\", pkgver:\"3.5.0-43.66\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic / linux-image-3.5-highbank\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:19", "bulletinFamily": "scanner", "description": "An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain 
sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "UBUNTU_USN-1976-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70251", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1976-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1976-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70251);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\");\n script_bugtraq_id(58795, 62043, 62049);\n script_xref(name:\"USN\", value:\"1976-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1976-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1976-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. 
/ NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-386\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-generic\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-generic-pae\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-lpia\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-preempt\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-server\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-versatile\", pkgver:\"2.6.32-52.114\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-52-virtual\", pkgver:\"2.6.32-52.114\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:40", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-12-04T00:00:00", "id": "UBUNTU_USN-2045-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71210", "title": "Ubuntu 13.04 : linux vulnerabilities (USN-2045-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2045-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71210);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-4299\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(62405, 62696, 63183);\n script_xref(name:\"USN\", value:\"2045-1\");\n\n script_name(english:\"Ubuntu 13.04 : linux vulnerabilities (USN-2045-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2045-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.04\", pkgname:\"linux-image-3.8.0-34-generic\", pkgver:\"3.8.0-34.49\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:40", "bulletinFamily": "scanner", "description": "A flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-12-04T00:00:00", "id": "UBUNTU_USN-2041-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71207", "title": "Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2041-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2041-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71207);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-4299\", \"CVE-2013-4350\", \"CVE-2013-4387\");\n script_bugtraq_id(62405, 62696, 63183);\n script_xref(name:\"USN\", value:\"2041-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2041-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. 
A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2041-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.8-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.8.0-34-generic\", pkgver:\"3.8.0-34.49~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.8-generic\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:19", "bulletinFamily": "scanner", "description": "An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. 
(CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "UBUNTU_USN-1977-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70252", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1977-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1977-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70252);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2892\");\n script_bugtraq_id(58795, 62043, 62049);\n script_xref(name:\"USN\", value:\"1977-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1977-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An information leak was discovered in the handling of ICMPv6 Router\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack.\nA remote attacker could exploit this flaw to cause a denial of service\n(excessive retries and address-generation outage), and consequently\nobtain sensitive information. (CVE-2013-0343)\n\nKees Cook discovered flaw in the Human Interface Device (HID)\nsubsystem of the Linux kernel. A physically proximate attacker could\nexploit this flaw to execute arbitrary code or cause a denial of\nservice (heap memory corruption) via a specially crafted device that\nprovides an invalid Report ID. (CVE-2013-2888)\n\nKees Cook discovered a flaw in the Human Interface Device (HID)\nsubsystem of the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled.\nA physically proximate attacker could cause a denial of service (heap\nout-of-bounds write) via a specially crafted device. (CVE-2013-2892).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1977-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-357-ec2\", pkgver:\"2.6.32-357.70\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:39", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[3.8.13-16.2.2.el6uek]\n- HID: pantherlord: validate output report details (Kees Cook) [Orabug: \n17841973] {CVE-2013-2892}\n- HID: zeroplus: validate output report details (Kees Cook) [Orabug: \n17841968] {CVE-2013-2889}\n- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: \n17841968] {CVE-2013-2889}\n- KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) \n[Orabug: 17841960] {CVE-2013-4592}\n- ansi_cprng: Fix off by one error in non-block size request (Jerry \nSnitselaar) [Orabug: 17837997] {CVE-2013-4345}\n- HID: validate HID report id size (Kees Cook) [Orabug: 17841940] \n{CVE-2013-2888}\n- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes \nFrederic Sowa) [Orabug: 17841911] {CVE-2013-0343}\n- ipv6: udp packets following an UFO enqueued packet need also be \nhandled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}", "modified": "2015-12-01T00:00:00", "published": "2013-11-29T00:00:00", "id": "ORACLELINUX_ELSA-2013-2583.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71132", "title": 
"Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2013-2583)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2013-2583.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71132);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:25:13 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-4345\", \"CVE-2013-4387\", \"CVE-2013-4592\");\n script_bugtraq_id(58795, 62042, 62043, 62049, 62696, 62740, 63790);\n\n script_name(english:\"Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2013-2583)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[3.8.13-16.2.2.el6uek]\n- HID: pantherlord: validate output report details (Kees Cook) [Orabug: \n17841973] {CVE-2013-2892}\n- HID: zeroplus: validate output report details (Kees Cook) [Orabug: \n17841968] {CVE-2013-2889}\n- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: \n17841968] {CVE-2013-2889}\n- KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) \n[Orabug: 17841960] {CVE-2013-4592}\n- ansi_cprng: Fix off by one error in non-block size request (Jerry \nSnitselaar) [Orabug: 17837997] {CVE-2013-4345}\n- HID: validate HID report id size (Kees Cook) [Orabug: 17841940] \n{CVE-2013-2888}\n- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes \nFrederic Sowa) [Orabug: 17841911] {CVE-2013-0343}\n- ipv6: udp packets following an UFO enqueued packet need also be \nhandled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003830.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-16.2.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-16.2.2.el6uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-16.2.2.el6uek-0.4.1-3.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-16.2.2.el6uek-headers-0.4.1-3.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers-0.4.1-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-16.2.2.el6uek\")) flag++;\nif 
(rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-16.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-16.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-16.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-16.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-16.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-headers-3.8.13-16.2.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:59", "bulletinFamily": "scanner", "description": "The remote Oracle Linux host is missing a security update for\nthe Unbreakable Enterprise kernel package(s).", "modified": "2015-12-01T00:00:00", "published": "2014-02-13T00:00:00", "id": "ORACLELINUX_ELSA-2014-3002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72472", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
package checks in this plugin were extracted from Oracle Linux\n# Security Advisory ELSA-2014-3002.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72472);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:35:11 $\");\n\n script_cve_id(\"CVE-2013-0343\", \"CVE-2013-2147\", \"CVE-2013-2148\", \"CVE-2013-2850\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2895\", \"CVE-2013-2896\", \"CVE-2013-2897\", \"CVE-2013-2898\", \"CVE-2013-2899\", \"CVE-2013-4299\", \"CVE-2013-4345\", \"CVE-2013-4350\", \"CVE-2013-4470\", \"CVE-2013-4592\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6376\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Oracle Linux host is missing a security update for\nthe Unbreakable Enterprise kernel package(s).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-February/003959.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-26.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-provider-headers\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-26.el6uek-0.4.2-3.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-headers-0.4.2-3.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-provider-headers-0.4.2-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-26.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-26.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-26.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-26.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-26.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-26.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-headers-3.8.13-26.el6uek\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:17:40", "bulletinFamily": "scanner", "description": "Miroslav Vadkerti discovered a flaw in how the permissions for network\nsysctls are handled in the Linux kernel. An unprivileged local user\ncould exploit this flaw to have privileged access to files in\n/proc/sys/net/. (CVE-2013-4270)\n\nA flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nWannes Rombouts reported a vulnerability in the networking tuntap\ninterface of the Linux kernel. A local user with the CAP_NET_ADMIN\ncapability could leverage this flaw to gain full admin privileges.\n(CVE-2013-4343)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387)\n\nHannes Frederic Sowa discovered a flaw in the Linux kernel's UDP\nFragmentation Offload (UFO). An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2013-4470).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2013-12-09T00:00:00", "id": "UBUNTU_USN-2049-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71260", "title": "Ubuntu 13.10 : linux vulnerabilities (USN-2049-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2049-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71260);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-4270\", \"CVE-2013-4299\", \"CVE-2013-4343\", \"CVE-2013-4350\", \"CVE-2013-4387\", \"CVE-2013-4470\");\n script_bugtraq_id(62360, 62405, 62696, 63183, 63359);\n script_xref(name:\"USN\", value:\"2049-1\");\n\n script_name(english:\"Ubuntu 13.10 : linux vulnerabilities (USN-2049-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Miroslav Vadkerti discovered a flaw in how the permissions for network\nsysctls are handled in the Linux kernel. An unprivileged local user\ncould exploit this flaw to have privileged access to files in\n/proc/sys/net/. (CVE-2013-4270)\n\nA flaw was discovered in the Linux kernel's dm snapshot facility. A\nremote authenticated user could exploit this flaw to obtain sensitive\ninformation or modify/corrupt data. (CVE-2013-4299)\n\nWannes Rombouts reported a vulnerability in the networking tuntap\ninterface of the Linux kernel. 
A local user with the CAP_NET_ADMIN\ncapability could leverage this flaw to gain full admin privileges.\n(CVE-2013-4343)\n\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit\nthis flaw to obtain sensitive information by sniffing network traffic.\n(CVE-2013-4350)\n\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6\nUDP Fragmentation Offload (UFO) processing. A remote attacker could\nleverage this flaw to cause a denial of service (system crash).\n(CVE-2013-4387)\n\nHannes Frederic Sowa discovered a flaw in the Linux kernel's UDP\nFragmenttation Offload (UFO). An unprivileged local user could exploit\nthis flaw to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2013-4470).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2049-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.11-generic and / or\nlinux-image-3.11-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.10\", pkgname:\"linux-image-3.11.0-14-generic\", pkgver:\"3.11.0-14.21\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"linux-image-3.11.0-14-generic-lpae\", pkgver:\"3.11.0-14.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.11-generic / linux-image-3.11-generic-lpae\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-04-18T15:53:54", "bulletinFamily": "NVD", "description": "drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.", "modified": "2016-12-30T21:59:03", "published": "2013-09-16T09:01:44", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2892", "id": "CVE-2013-2892", "title": "CVE-2013-2892", "type": "cve", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:28:11", "bulletinFamily": "NVD", "description": "Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.", "modified": 
"2014-01-03T23:47:06", "published": "2013-09-16T09:01:24", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2888", "id": "CVE-2013-2888", "type": "cve", "title": "CVE-2013-2888", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:47:12", "bulletinFamily": "NVD", "description": "net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.", "modified": "2014-03-26T00:50:36", "published": "2013-10-10T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4387", "id": "CVE-2013-4387", "type": "cve", "title": "CVE-2013-4387", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:28:20", "bulletinFamily": "NVD", "description": "drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.", "modified": "2014-01-03T23:47:07", "published": "2013-09-16T09:01:44", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2896", "id": "CVE-2013-2896", "type": "cve", "title": "CVE-2013-2896", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:46:44", "bulletinFamily": "NVD", "description": "The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a 
packet with IPIP encapsulation.", "modified": "2014-03-05T23:47:31", "published": "2013-11-04T10:55:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4348", "id": "CVE-2013-4348", "type": "cve", "title": "CVE-2013-4348", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:46:45", "bulletinFamily": "NVD", "description": "The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.", "modified": "2014-01-03T23:48:39", "published": "2013-09-25T06:31:29", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4350", "id": "CVE-2013-4350", "type": "cve", "title": "CVE-2013-4350", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-09T15:22:57", "bulletinFamily": "NVD", "description": "Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.", "modified": "2018-01-08T21:29:04", "published": "2013-10-24T06:53:09", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4299", "id": "CVE-2013-4299", "title": "CVE-2013-4299", "type": "cve", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T18:46:40", "bulletinFamily": "NVD", "description": "Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed 
data.", "modified": "2016-03-31T13:30:54", "published": "2013-10-10T06:55:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4345", "id": "CVE-2013-4345", "type": "cve", "title": "CVE-2013-4345", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T18:28:18", "bulletinFamily": "NVD", "description": "drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.", "modified": "2014-01-03T23:47:06", "published": "2013-09-16T09:01:44", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2895", "id": "CVE-2013-2895", "type": "cve", "title": "CVE-2013-2895", "cvss": {"score": 5.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T17:53:04", "bulletinFamily": "NVD", "description": "The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.", "modified": "2014-03-05T23:42:55", "published": "2013-02-28T14:55:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0343", "id": "CVE-2013-0343", "title": "CVE-2013-0343", "type": "cve", "cvss": {"score": 3.2, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "DoS conditions, information leakage, tuntap interface privilege escalation, bt8xx driver privilege escalation, 
IPv6 ICTP, UDP offload, ipip memory corruptions.", "modified": "2013-11-26T00:00:00", "published": "2013-11-26T00:00:00", "id": "SECURITYVULNS:VULN:13400", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13400", "title": "Linux kernel security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1976-1\r\nSeptember 30, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nAn information leak was discovered in the handling of ICMPv6 Router\r\nAdvertisement (RA) messages in the Linux kernel's IPv6 network stack. A\r\nremote attacker could exploit this flaw to cause a denial of service\r\n(excessive retries and address-generation outage), and consequently obtain\r\nsensitive information. (CVE-2013-0343)\r\n\r\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem of\r\nthe Linux kernel. A physically proximate attacker could exploit this flaw\r\nto execute arbitrary code or cause a denial of service (heap memory\r\ncorruption) via a specially crafted device that provides an invalid Report\r\nID. (CVE-2013-2888)\r\n\r\nKees Cook discovered a flaw in the Human Interface Device (HID) subsystem\r\nof the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically\r\nproximate attacker could cause a denial of service (heap out-of-bounds\r\nwrite) via a specially crafted device. 
(CVE-2013-2892)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-52-386 2.6.32-52.114\r\n linux-image-2.6.32-52-generic 2.6.32-52.114\r\n linux-image-2.6.32-52-generic-pae 2.6.32-52.114\r\n linux-image-2.6.32-52-ia64 2.6.32-52.114\r\n linux-image-2.6.32-52-lpia 2.6.32-52.114\r\n linux-image-2.6.32-52-powerpc 2.6.32-52.114\r\n linux-image-2.6.32-52-powerpc-smp 2.6.32-52.114\r\n linux-image-2.6.32-52-powerpc64-smp 2.6.32-52.114\r\n linux-image-2.6.32-52-preempt 2.6.32-52.114\r\n linux-image-2.6.32-52-server 2.6.32-52.114\r\n linux-image-2.6.32-52-sparc64 2.6.32-52.114\r\n linux-image-2.6.32-52-sparc64-smp 2.6.32-52.114\r\n linux-image-2.6.32-52-versatile 2.6.32-52.114\r\n linux-image-2.6.32-52-virtual 2.6.32-52.114\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. 
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1976-1\r\n CVE-2013-0343, CVE-2013-2888, CVE-2013-2892\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-52.114\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2013-10-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "SECURITYVULNS:DOC:29823", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29823", "title": "USN-1976-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2049-1\r\nDecember 07, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nMiroslav Vadkerti discovered a flaw in how the permissions for network\r\nsysctls are handled in the Linux kernel. An unprivileged local user could\r\nexploit this flaw to have privileged access to files in /proc/sys/net/.\r\n(CVE-2013-4270)\r\n\r\nA flaw was discovered in the Linux kernel's dm snapshot facility. A remote\r\nauthenticated user could exploit this flaw to obtain sensitive information\r\nor modify/corrupt data. 
(CVE-2013-4299)\r\n\r\nWannes Rombouts reported a vulnerability in the networking tuntap interface\r\nof the Linux kernel. A local user with the CAP_NET_ADMIN capability could\r\nleverage this flaw to gain full admin privileges. (CVE-2013-4343)\r\n\r\nAlan Chester reported a flaw in the IPv6 Stream Control Transmission\r\nProtocol (SCTP) of the Linux kernel. A remote attacker could exploit this\r\nflaw to obtain sensitive information by sniffing network traffic.\r\n(CVE-2013-4350)\r\n\r\nDmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP\r\nFragmentation Offload (UFO) processing. A remote attacker could leverage\r\nthis flaw to cause a denial of service (system crash). (CVE-2013-4387)\r\n\r\nHannes Frederic Sowa discovered a flaw in the Linux kernel's UDP\r\nFragmentation Offload (UFO). An unprivileged local user could exploit this\r\nflaw to cause a denial of service (system crash) or possibly gain\r\nadministrative privileges. (CVE-2013-4470)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n linux-image-3.11.0-14-generic 3.11.0-14.21\r\n linux-image-3.11.0-14-generic-lpae 3.11.0-14.21\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. 
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2049-1\r\n CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350,\r\n CVE-2013-4387, CVE-2013-4470\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.11.0-14.21\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "SECURITYVULNS:DOC:30048", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30048", "title": "[USN-2049-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-09-26T17:23:03", "bulletinFamily": "software", "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate the risk posed by this vulnerability, you can deploy devices in a secure location. \n\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system. 
\n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL6845: Managing BIG-IP product hotfixes (9.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes for FirePass\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2014-06-02T00:00:00", "published": "2014-06-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15299.html", "id": "SOL15299", "title": "SOL15299 - Linux kernel vulnerability CVE-2013-2888", "type": "f5", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-19T13:04:12", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2018-09-26T05:07:00", "published": "2018-09-26T05:07:00", "id": 
"F5:K74007441", "href": "https://support.f5.com/csp/article/K74007441", "title": "Linux kernel vulnerability CVE-2013-4350", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-19T13:03:49", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2018-09-14T09:48:00", "published": "2018-09-14T09:48:00", "id": "F5:K56923528", "href": "https://support.f5.com/csp/article/K56923528", "title": "Linux kernel vulnerability CVE-2013-4343", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:22", "bulletinFamily": "unix", "description": "[3.8.13-16.2.2.el6uek]\n- HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892}\n- HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889}\n- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889}\n- KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592}\n- ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345}\n- HID: 
validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888}\n- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343}\n- ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}", "modified": "2013-11-28T00:00:00", "published": "2013-11-28T00:00:00", "id": "ELSA-2013-2583", "href": "http://linux.oracle.com/errata/ELSA-2013-2583.html", "title": "Unbreakable Enterprise Kernel security update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:54", "bulletinFamily": "unix", "description": "kernel\n[2.6.18-371.1.2.0.1]\n- i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. 
[orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for 
kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]", "modified": "2013-10-22T00:00:00", "published": "2013-10-22T00:00:00", "id": "ELSA-2013-1449-1", "href": "http://linux.oracle.com/errata/ELSA-2013-1449-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:44:51", "bulletinFamily": "unix", "description": "kernel\n[2.6.18-371.1.2]\n- [xen] x86: check segment descriptor read result in 64-bit OUTS emulation (Radim Krcmar) [1012958 1012959] {CVE-2013-4368}\n- [md] dm snapshot: fix data corruption (Mikulas Patocka) [1004734 975353] {CVE-2013-4299}\n[2.6.18-371.1.1]\n- [crypto] ansi_cprng fix off by one err in non-block size request (Neil Horman) [1007692 1007693] {CVE-2013-4345}\n- [fs] gfs2: yield() in shrinker to allow glock_workqueues to run (Abhijith Das) [1014714 928518]\n- [net] ipv6: ipv6_create_tempaddr cleanup (Petr Holasek) [999361 999362] {CVE-2013-0343}\n- [net] ipv6: remove max_addresses check from ipv6_create_tempaddr (Petr Holasek) [999361 999362] {CVE-2013-0343}", "modified": "2013-10-22T00:00:00", "published": "2013-10-22T00:00:00", "id": "ELSA-2013-1449", "href": "http://linux.oracle.com/errata/ELSA-2013-1449.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:39:40", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 62405\r\nCVE(CAN) ID: CVE-2013-4350\r\n\r\nLinux Kernel is the kernel of the Linux operating system.\r\n\r\nLinux 
kernel has an IPv6 encryption bug in sctp_v6_xmit; an attacker can exploit this vulnerability to leak sensitive information.\r\n0\r\nLinux kernel\r\nVendor patch:\r\n\r\nLinux\r\n-----\r\nThe vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:\r\n\r\nhttp://www.kernel.org/", "modified": "2013-09-18T00:00:00", "published": "2013-09-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61030", "id": "SSV:61030", "type": "seebug", "title": "Linux Kernel 'sctp_v6_xmit()' Function Information Disclosure Vulnerability (CVE-2013-4350)", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:19", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1449\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel handled the creation of\ntemporary IPv6 addresses. If the IPv6 privacy extension was enabled\n(/proc/sys/net/ipv6/conf/eth0/use_tempaddr is set to '2'), an attacker on\nthe local network could disable IPv6 temporary address generation, leading\nto a potential information disclosure. (CVE-2013-0343, Moderate)\n\n* An information leak flaw was found in the way Linux kernel's device\nmapper subsystem, under certain conditions, interpreted data written to\nsnapshot block devices. An attacker could use this flaw to read data from\ndisk blocks in free space, which are normally inaccessible. (CVE-2013-4299,\nModerate)\n\n* An off-by-one flaw was found in the way the ANSI CPRNG implementation in\nthe Linux kernel processed non-block size aligned requests. 
This could lead\nto random numbers being generated with less bits of entropy than expected\nwhen ANSI CPRNG was used. (CVE-2013-4345, Moderate)\n\n* An information leak flaw was found in the way Xen hypervisor emulated the\nOUTS instruction for 64-bit paravirtualized guests. A privileged guest user\ncould use this flaw to leak hypervisor stack memory to the guest.\n(CVE-2013-4368, Moderate)\n\nRed Hat would like to thank Fujitsu for reporting CVE-2013-4299, Stephan\nMueller for reporting CVE-2013-4345, and the Xen project for reporting\nCVE-2013-4368.\n\nThis update also fixes the following bug:\n\n* A bug in the GFS2 code prevented glock work queues from freeing\nglock-related memory while the glock memory shrinker repeatedly queued a\nlarge number of demote requests, for example when performing a simultaneous\nbackup of several live GFS2 volumes with a large file count. As a\nconsequence, the glock work queues became overloaded which resulted in a\nhigh CPU usage and the GFS2 file systems being unresponsive for a\nsignificant amount of time. A patch has been applied to alleviate this\nproblem by calling the yield() function after scheduling a certain amount\nof tasks on the glock work queues. The problem can now occur only with\nextremely high work loads. (BZ#1014714)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-October/019981.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1449.html", "modified": "2013-10-23T00:10:49", "published": "2013-10-23T00:10:49", "href": "http://lists.centos.org/pipermail/centos-announce/2013-October/019981.html", "id": "CESA-2013:1449", "title": "kernel security update", "type": "centos", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}