The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
- A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)
- Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)
- A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)
- Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)
- A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. A privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)
- The start_code and end_code values in '/proc/[pid]/stat' were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)
- A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)
- A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
- A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables. (CVE-2011-1163, Low)
- Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)
- A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially crafted partition tables. (CVE-2011-1577, Low)
This update also fixes several bugs.
The system must be rebooted for this update to take effect.
{"id": "SL_20110531_KERNEL_ON_SL5_X.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)\n\n - Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n - A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n - Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n - A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. A privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)\n\n - The start_code and end_code values in '/proc/[pid]/stat' were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n\n - A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n - A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\n - A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables.\n (CVE-2011-1163, Low)\n\n - Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n - A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially crafted partition tables.\n (CVE-2011-1577, Low)\n\nThis update also fixes several bugs.\n\nThe system must be rebooted for this update to take effect.", "published": "2012-08-01T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": 
"https://www.tenable.com/plugins/nessus/61059", "reporter": "This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172", "http://www.nessus.org/u?f3b8fdda", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078"], "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "immutableFields": [], "lastseen": "2023-01-11T14:25:39", "viewCount": 27, "_state": {"dependencies": 1673447554, 
"score": 1673449353}, "_internal": {"score_hash": "6d51be408bd15c5d3dd3e36cdc6c39b8"}, "pluginID": "61059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61059);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - A flaw in the dccp_rcv_state_process() function could\n allow a remote attacker to cause a denial of service,\n even when the socket was already closed. (CVE-2011-1093,\n Important)\n\n - Multiple buffer overflow flaws were found in the Linux\n kernel's Management Module Support for Message Passing\n Technology (MPT) based controllers. A local,\n unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate\n their privileges. (CVE-2011-1494, CVE-2011-1495,\n Important)\n\n - A missing validation of a null-terminated string data\n structure element in the bnep_sock_ioctl() function\n could allow a local user to cause an information leak or\n a denial of service. 
(CVE-2011-1079, Moderate)\n\n - Missing error checking in the way page tables were\n handled in the Xen hypervisor implementation could allow\n a privileged guest user to cause the host, and the\n guests, to lock up. (CVE-2011-1166, Moderate)\n\n - A flaw was found in the way the Xen hypervisor\n implementation checked for the upper boundary when\n getting a new event channel port. A privileged guest\n user could use this flaw to cause a denial of service or\n escalate their privileges. (CVE-2011-1763, Moderate)\n\n - The start_code and end_code values in '/proc/[pid]/stat'\n were not protected. In certain scenarios, this flaw\n could be used to defeat Address Space Layout\n Randomization (ASLR). (CVE-2011-0726, Low)\n\n - A missing initialization flaw in the\n sco_sock_getsockopt() function could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n - A missing validation of a null-terminated string data\n structure element in the do_replace() function could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. (CVE-2011-1080, Low)\n\n - A buffer overflow flaw in the DEC Alpha OSF partition\n implementation in the Linux kernel could allow a local\n attacker to cause an information leak by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1163, Low)\n\n - Missing validations of null-terminated string data\n structure elements in the do_replace(),\n compat_do_replace(), do_ipt_get_ctl(),\n do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. 
(CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\n - A heap overflow flaw in the Linux kernel's EFI GUID\n Partition Table (GPT) implementation could allow a local\n attacker to cause a denial of service by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1577, Low)\n\nThis update also fixes several bugs.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=1636\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3b8fdda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-common-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-debuginfo-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-238.12.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2011-05-31T00:00:00", "vulnerabilityPublicationDate": "2011-04-09T00:00:00", "exploitableWith": []}
{"centos": [{"lastseen": "2023-01-01T04:47:28", "description": "**CentOS Errata and Security Advisory** CESA-2011:0833\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was already\nclosed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause a\ndenial of service, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element\nin the bnep_sock_ioctl() function could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen\nhypervisor implementation could allow a privileged guest user to cause the\nhost, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for\nthe upper boundary when getting a new event channel port. A privileged\nguest user could use this flaw to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could\nallow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element\nin the do_replace() function could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in\nthe do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\nand do_arpt_get_ctl() functions could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of service\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and\nCVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,\nCVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook\nfor reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163\nand CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. 
The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-May/067084.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-May/067085.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:0833", "cvss3": {}, "published": "2011-05-31T23:49:24", "type": "centos", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "modified": "2011-05-31T23:49:25", "id": "CESA-2011:0833", "href": "https://lists.centos.org/pipermail/centos-announce/2011-May/067084.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-01T04:45:52", "description": "**CentOS Errata and Security Advisory** CESA-2012:1156\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* An integer overflow flaw was found in the i915_gem_execbuffer2() function\nin the Intel i915 driver in the Linux kernel. 
A local, unprivileged user\ncould use this flaw to cause a denial of service. This issue only affected\n32-bit systems. (CVE-2012-2383, Moderate)\n\n* A missing initialization flaw was found in the sco_sock_getsockopt_old()\nfunction in the Linux kernel's Bluetooth implementation. A local,\nunprivileged user could use this flaw to cause an information leak.\n(CVE-2011-1078, Low)\n\nRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting the\nCVE-2011-1078 issue.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-August/068278.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:1156", "cvss3": {}, "published": "2012-08-15T04:21:07", "type": "centos", "title": "kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2012-08-15T04:21:07", "id": "CESA-2012:1156", "href": 
"https://lists.centos.org/pipermail/centos-announce/2012-August/068278.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:55:27", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0833 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880551", "href": "http://plugins.openvas.org/nasl.php?oid=880551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0833 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A flaw in the dccp_rcv_state_process() function could allow a remote\n attacker to cause a denial of service, even when the socket was already\n closed. (CVE-2011-1093, Important)\n \n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n \n * A missing validation of a null-terminated string data structure element\n in the bnep_sock_ioctl() function could allow a local user to cause an\n information leak or a denial of service. (CVE-2011-1079, Moderate)\n \n * Missing error checking in the way page tables were handled in the Xen\n hypervisor implementation could allow a privileged guest user to cause the\n host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n \n * A flaw was found in the way the Xen hypervisor implementation checked for\n the upper boundary when getting a new event channel port. A privileged\n guest user could use this flaw to cause a denial of service or escalate\n their privileges. (CVE-2011-1763, Moderate)\n \n * The start_code and end_code values in "/proc/[pid]/stat" were not\n protected. In certain scenarios, this flaw could be used to defeat Address\n Space Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n \n * A missing initialization flaw in the sco_sock_getsockopt() function could\n allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n \n * A missing validation of a null-terminated string data structure element\n in the do_replace() function could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n \n * A buffer overflow flaw in the DEC Alpha OSF partition implementation in\n the Linux kernel could allow a local attacker to cause an information leak\n by mounting a disk that contains specially-crafted partition tables.\n (CVE-2011-1163, Low)\n \n * Missing validations of null-terminated string data structure elements in\n the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\n and do_arpt_get_ctl() functions could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n \n * A heap overflow flaw in the Linux kernel's EFI GUID Partition ... 
\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017609.html\");\n script_id(880551);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0833\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_name(\"CentOS Update for kernel CESA-2011:0833 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.el5\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:24", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:0833-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870439", "href": "http://plugins.openvas.org/nasl.php?oid=870439", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0833-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A flaw in the dccp_rcv_state_process() function could allow a remote\n attacker to cause a denial of service, even when the socket was already\n closed. (CVE-2011-1093, Important)\n \n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. 
A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n \n * A missing validation of a null-terminated string data structure element\n in the bnep_sock_ioctl() function could allow a local user to cause an\n information leak or a denial of service. (CVE-2011-1079, Moderate)\n \n * Missing error checking in the way page tables were handled in the Xen\n hypervisor implementation could allow a privileged guest user to cause the\n host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n \n * A flaw was found in the way the Xen hypervisor implementation checked for\n the upper boundary when getting a new event channel port. A privileged\n guest user could use this flaw to cause a denial of service or escalate\n their privileges. (CVE-2011-1763, Moderate)\n \n * The start_code and end_code values in "/proc/[pid]/stat" were not\n protected. In certain scenarios, this flaw could be used to defeat Address\n Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n \n * A missing initialization flaw in the sco_sock_getsockopt() function could\n allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n \n * A missing validation of a null-terminated string data structure element\n in the do_replace() function could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080, Low)\n \n * A buffer overflow flaw in the DEC Alpha OSF partition implementation in\n the Linux kernel could allow a local attacker to cause an information leak\n by mounting a disk that contains specially-crafted partition tables.\n (CVE-2011-1163, Low)\n \n * Missing validations of null-terminated string data structure elements in\n the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\n and do_arpt_get_ctl() functions could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n \n * A heap overflow flaw in the Lin ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00027.html\");\n script_id(870439);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0833-01\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_name(\"RedHat Update for kernel RHSA-2011:0833-01\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2011-0833", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0833", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122155", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0833.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122155\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0833\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0833 - kernel security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0833\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0833.html\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5PAE~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5debug~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.12.1.0.1.el5xen~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", 
rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.12.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0833 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881248", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0833 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017610.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881248\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:09:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\",\n \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\",\n \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\",\n \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0833\");\n script_name(\"CentOS Update for kernel CESA-2011:0833 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the 
Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw in the dccp_rcv_state_process() function could allow a remote\n attacker to cause a denial of service, even when the socket was already\n closed. (CVE-2011-1093, Important)\n\n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n\n * A missing validation of a null-terminated string data structure element\n in the bnep_sock_ioctl() function could allow a local user to cause an\n information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n * Missing error checking in the way page tables were handled in the Xen\n hypervisor implementation could allow a privileged guest user to cause the\n host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n * A flaw was found in the way the Xen hypervisor implementation checked for\n the upper boundary when getting a new event channel port. A privileged\n guest user could use this flaw to cause a denial of service or escalate\n their privileges. (CVE-2011-1763, Moderate)\n\n * The start_code and end_code values in '/proc/[pid]/stat' were not\n protected. In certain scenarios, this flaw could be used to defeat Address\n Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n * A missing initialization flaw in the sco_sock_getsockopt() function could\n allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n * A missing validation of a null-terminated string data structure element\n in the do_replace() function could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080, Low)\n\n * A buffer overflow flaw in the DEC Alpha OSF partition implementation in\n the Linux kernel could allow a local attacker to cause an information leak\n by mounting a disk that contains specially-crafted partition tables.\n (CVE-2011-1163, Low)\n\n * Missing validations of null-terminated string data structure elements in\n the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\n and do_arpt_get_ctl() functions could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\n * A heap overflow flaw in the Linux kernel's EFI GUID Partition ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0833 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0833 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017609.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880551\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0833\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_name(\"CentOS Update for kernel CESA-2011:0833 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following 
security issues:\n\n * A flaw in the dccp_rcv_state_process() function could allow a remote\n attacker to cause a denial of service, even when the socket was already\n closed. (CVE-2011-1093, Important)\n\n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n\n * A missing validation of a null-terminated string data structure element\n in the bnep_sock_ioctl() function could allow a local user to cause an\n information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n * Missing error checking in the way page tables were handled in the Xen\n hypervisor implementation could allow a privileged guest user to cause the\n host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n * A flaw was found in the way the Xen hypervisor implementation checked for\n the upper boundary when getting a new event channel port. A privileged\n guest user could use this flaw to cause a denial of service or escalate\n their privileges. (CVE-2011-1763, Moderate)\n\n * The start_code and end_code values in '/proc/[pid]/stat' were not\n protected. In certain scenarios, this flaw could be used to defeat Address\n Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n * A missing initialization flaw in the sco_sock_getsockopt() function could\n allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n * A missing validation of a null-terminated string data structure element\n in the do_replace() function could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080, Low)\n\n * A buffer overflow flaw in the DEC Alpha OSF partition implementation in\n the Linux kernel could allow a local attacker to cause an information leak\n by mounting a disk that contains specially-crafted partition tables.\n (CVE-2011-1163, Low)\n\n * Missing validations of null-terminated string data structure elements in\n the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\n and do_arpt_get_ctl() functions could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\n * A heap overflow flaw in the Linux kernel's EFI GUID Partition ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-02T10:56:24", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0833 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:881248", "href": "http://plugins.openvas.org/nasl.php?oid=881248", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0833 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A flaw in the dccp_rcv_state_process() function could allow a remote\n attacker to cause a denial of service, even when the socket was already\n closed. (CVE-2011-1093, Important)\n \n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n \n * A missing validation of a null-terminated string data structure element\n in the bnep_sock_ioctl() function could allow a local user to cause an\n information leak or a denial of service. (CVE-2011-1079, Moderate)\n \n * Missing error checking in the way page tables were handled in the Xen\n hypervisor implementation could allow a privileged guest user to cause the\n host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n \n * A flaw was found in the way the Xen hypervisor implementation checked for\n the upper boundary when getting a new event channel port. 
A privileged\n guest user could use this flaw to cause a denial of service or escalate\n their privileges. (CVE-2011-1763, Moderate)\n \n * The start_code and end_code values in "/proc/[pid]/stat" were not\n protected. In certain scenarios, this flaw could be used to defeat Address\n Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n \n * A missing initialization flaw in the sco_sock_getsockopt() function could\n allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n \n * A missing validation of a null-terminated string data structure element\n in the do_replace() function could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n \n * A buffer overflow flaw in the DEC Alpha OSF partition implementation in\n the Linux kernel could allow a local attacker to cause an information leak\n by mounting a disk that contains specially-crafted partition tables.\n (CVE-2011-1163, Low)\n \n * Missing validations of null-terminated string data structure elements in\n the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\n and do_arpt_get_ctl() functions could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n \n * A heap overflow flaw in the Linux kernel's EFI GUID Partition ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017610.html\");\n script_id(881248);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:09:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\",\n \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\",\n \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\",\n \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0833\");\n script_name(\"CentOS Update for kernel CESA-2011:0833 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", 
rpm:\"kernel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:0833-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1166", "CVE-2011-1079", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-0726", "CVE-2011-1763", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2019-03-12T00:00:00", "id": 
"OPENVAS:1361412562310870439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870439", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0833-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870439\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0833-01\");\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", 
\"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_name(\"RedHat Update for kernel RHSA-2011:0833-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw in the dccp_rcv_state_process() function could allow a remote\n attacker to cause a denial of service, even when the socket was already\n closed. (CVE-2011-1093, Important)\n\n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n\n * A missing validation of a null-terminated string data structure element\n in the bnep_sock_ioctl() function could allow a local user to cause an\n information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n * Missing error checking in the way page tables were handled in the Xen\n hypervisor implementation could allow a privileged guest user to cause the\n host, and the guests, to lock up. 
(CVE-2011-1166, Moderate)\n\n * A flaw was found in the way the Xen hypervisor implementation checked for\n the upper boundary when getting a new event channel port. A privileged\n guest user could use this flaw to cause a denial of service or escalate\n their privileges. (CVE-2011-1763, Moderate)\n\n * The start_code and end_code values in '/proc/[pid]/stat' were not\n protected. In certain scenarios, this flaw could be used to defeat Address\n Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n * A missing initialization flaw in the sco_sock_getsockopt() function could\n allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1078, Low)\n\n * A missing validation of a null-terminated string data structure element\n in the do_replace() function could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\n * A buffer overflow flaw in the DEC Alpha OSF partition implementation in\n the Linux kernel could allow a local attacker to cause an information leak\n by mounting a disk that contains specially-crafted partition tables.\n (CVE-2011-1163, Low)\n\n * Missing validations of null-terminated string data structure elements in\n the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\n and do_arpt_get_ctl() functions could allow a local user who has the\n CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\n * A heap overflow flaw in the Lin ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.12.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-05T16:03:33", "description": "Oracle Linux Local Security Checks ELSA-2011-2016", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1494", "CVE-2010-4251", "CVE-2011-1023", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122175", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2016.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122175\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2016\");\n script_tag(name:\"insight\", value:\"ELSA-2011-2016 - Unbreakable Enterprise kernel security fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2016\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2016.html\");\n script_cve_id(\"CVE-2010-4251\", \"CVE-2011-1023\", \"CVE-2011-1082\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~100.28.17.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.17.el5~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.17.el5debug~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", 
rpm:\"kernel-uek-headers~2.6.32~100.28.17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-30T14:09:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1494", "CVE-2010-4251", "CVE-2011-1023", "CVE-2011-1581", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1090"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870685", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870685", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00014.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870685\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:46:14 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-4251\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1023\",\n \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\",\n \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\",\n \"CVE-2011-1581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0542-01\");\n script_name(\"RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Red Hat Enterprise Linux 6.1 kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"Red Hat Enterprise Linux 6.1 kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 
6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n\n * A flaw was found in the Linux kernel's Ethernet bonding driver\n implementation. Packets coming in from network devices that have more\n than 16 receive queues to a bonding interface could cause a denial of\n service. (CVE-2011-1581, Important)\n\n * A flaw was found in the Linux kernel's networking subsystem. If the\n number of packets received exceeded the receiver's buffer limit, they were\n queued in a backlog, consuming memory, instead of being discarded. A remote\n attacker could abuse this flaw to cause a denial of service (out-of-memory\n condition). (CVE-2010-4251, Moderate)\n\n * A flaw was found in the Linux kernel's Transparent Huge Pages (THP)\n implementation. A local, unprivileged user could abuse this flaw to allow\n the user stack (when it is using huge pages) to grow and cause a denial of\n service. (CVE-2011-0999, Moderate)\n\n * A flaw was found in the transmit methods (xmit) for the loopback and\n InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS)\n implementation. A local, unprivileged user could use this flaw to cause a\n denial of service. 
(CVE-2011-1023, Moderate)\n\n * A flaw in the Linux kernel's Event Poll (epoll) implementation could\n allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1082, Moderate)\n\n * An inconsistency was found in the interaction between the Linux kernel's\n method for allocating NFSv4 (Network File System version 4) ACL data and\n the method by which it was freed. This inconsistency led to a kernel panic\n which could be triggered by a local, unprivileged user with files owned by\n said user on an NFSv4 share. (CVE-2011-1090, Moderate)\n\n * A missing validation check was found in the Linux kernel's\n mac_partition() implementation, used for supporting file systems created\n on Mac OS operating systems. A local attacker could use this flaw to cause\n a denial of service by mounting a disk that contains specially-crafted\n partitions. (CVE-2011-1010, Low)\n\n * A buffer ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2018-01-02T10:58:02", "description": "Check for the Version of Red Hat Enterprise Linux 6.1 kernel", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1494", 
"CVE-2010-4251", "CVE-2011-1023", "CVE-2011-1581", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1090"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:870685", "href": "http://plugins.openvas.org/nasl.php?oid=870685", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * Multiple buffer overflow flaws were found in the Linux kernel's\n Management Module Support for Message Passing Technology (MPT) based\n controllers. 
A local, unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate their privileges.\n (CVE-2011-1494, CVE-2011-1495, Important)\n\n * A flaw was found in the Linux kernel's Ethernet bonding driver\n implementation. Packets coming in from network devices that have more\n than 16 receive queues to a bonding interface could cause a denial of\n service. (CVE-2011-1581, Important)\n\n * A flaw was found in the Linux kernel's networking subsystem. If the\n number of packets received exceeded the receiver's buffer limit, they were\n queued in a backlog, consuming memory, instead of being discarded. A remote\n attacker could abuse this flaw to cause a denial of service (out-of-memory\n condition). (CVE-2010-4251, Moderate)\n\n * A flaw was found in the Linux kernel's Transparent Huge Pages (THP)\n implementation. A local, unprivileged user could abuse this flaw to allow\n the user stack (when it is using huge pages) to grow and cause a denial of\n service. (CVE-2011-0999, Moderate)\n\n * A flaw was found in the transmit methods (xmit) for the loopback and\n InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS)\n implementation. A local, unprivileged user could use this flaw to cause a\n denial of service. (CVE-2011-1023, Moderate)\n\n * A flaw in the Linux kernel's Event Poll (epoll) implementation could\n allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1082, Moderate)\n\n * An inconsistency was found in the interaction between the Linux kernel's\n method for allocating NFSv4 (Network File System version 4) ACL data and\n the method by which it was freed. This inconsistency led to a kernel panic\n which could be triggered by a local, unprivileged user with files owned by\n said user on an NFSv4 share. 
(CVE-2011-1090, Moderate)\n\n * A missing validation check was found in the Linux kernel's\n mac_partition() implementation, used for supporting file systems created\n on Mac OS operating systems. A local attacker could use this flaw to cause\n a denial of service by mounting a disk that contains specially-crafted\n partitions. (CVE-2011-1010, Low)\n\n * A buffer ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"Red Hat Enterprise Linux 6.1 kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00014.html\");\n script_id(870685);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:46:14 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-4251\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1023\",\n \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\",\n \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\",\n \"CVE-2011-1581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0542-01\");\n script_name(\"RedHat Update for Red Hat Enterprise Linux 6.1 kernel RHSA-2011:0542-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Red Hat Enterprise Linux 6.1 kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.0.15.el6\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.0.15.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-07-30T14:00:00", "description": "Oracle Linux Local Security Checks ELSA-2011-0542", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0542", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3881", "CVE-2011-1494", "CVE-2010-4251", "CVE-2011-1023", "CVE-2011-1581", "CVE-2010-4805", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1090"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122162", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0542.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122162\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:05 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0542\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0542 - Oracle Linux 6.1 kernel security, bug fix and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0542\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0542.html\");\n script_cve_id(\"CVE-2010-3881\", \"CVE-2010-4251\", \"CVE-2010-4805\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1023\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.0.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2017-12-04T11:26:59", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1189-1", "cvss3": {}, "published": "2011-08-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1189-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2492", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1080"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840725", "href": "http://plugins.openvas.org/nasl.php?oid=840725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1189_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1189-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n \n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n \n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n \n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n \n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. 
A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n \n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n \n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n \n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1189-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1189-1/\");\n script_id(840725);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-24 09:14:07 +0200 (Wed, 24 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1189-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1493\", \"CVE-2011-2492\");\n script_name(\"Ubuntu Update for linux USN-1189-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:52", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1189-1", "cvss3": {}, 
"published": "2011-08-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1189-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2492", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1080"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1189_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1189-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1189-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840725\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-24 09:14:07 +0200 (Wed, 24 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1189-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1493\", \"CVE-2011-2492\");\n script_name(\"Ubuntu Update for linux USN-1189-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1189-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. 
A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. 
If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.93\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-19T16:08:49", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.", 
"cvss3": {}, "published": "2012-03-15T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX updates to third party library and ESX Service Console (VMSA-2012-0001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2010-3493", "CVE-2011-1746", "CVE-2011-1678", "CVE-2011-0695", "CVE-2011-1521", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-2491", "CVE-2010-4649", "CVE-2010-2059", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-1780", "CVE-2011-2495", "CVE-2011-1166", "CVE-2011-0711", "CVE-2011-2901", "CVE-2011-2022", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1495", "CVE-2010-0787", "CVE-2011-1163", "CVE-2011-2519", "CVE-2010-2089", "CVE-2011-1093", "CVE-2011-1593", "CVE-2011-2522", "CVE-2011-1170", "CVE-2011-1936", "CVE-2011-2482", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-1015", "CVE-2011-2689", "CVE-2009-3720", "CVE-2011-3378", "CVE-2010-1634", "CVE-2009-3560", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1763", "CVE-2011-2525", "CVE-2011-1080", "CVE-2011-2694", "CVE-2011-1577", "CVE-2011-2192"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103448\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX updates to third party library and ESX Service Console (VMSA-2012-0001)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-15 14:13:01 +0100 (Thu, 15 Mar 2012)\");\n 
script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.\");\n\n script_tag(name:\"affected\", value:\"ESXi 4.1 without patch ESXi410-201201401-SG\n\n ESXi 5.0 without patch ESXi500-201203101-SG\n\n ESXi 4.0 without patch ESXi400-201203401-SG\n\n ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\n ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG,\n ESX410-201201407-SG\");\n\n script_tag(name:\"insight\", value:\"VMware ESXi and ESX updates to third party library and ESX Service Console address\n several security issues.\n\n a. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5\n to fix multiple security issues in the COS kernel.\n\n b. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n\n c. ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and\n nss-3.12.10-4.el5_7 respectively resolving a security issue.\n\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape\n Portable Runtime (NSPR) and Network Security Services (NSS) contain the\n built-in tokens of this fraudulent Certificate Authority. 
This update renders\n all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n\n d. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are updated to\n popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2\n and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n\n e. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are updated to\n samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the\n Samba client.\n\n f. ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes\n multiple security issues.\n\n g. ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which fixes multiple\n security issues.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201201401-SG\",\n \"4.0.0\", \"ESXi400-201203401-SG\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:29", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.\n\nSummary\n\nVMware ESXi and ESX updates to third party library and ESX Service Console 
address\nseveral security issues.\n\nRelevant releases:\n\nESXi 4.1 without patch ESXi410-201201401-SG\nESXi 5.0 without patch ESXi500-201203101-SG\nESXi 4.0 without patch ESXi400-201203401-SG\n\nESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\nESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG,\nESX410-201201407-SG.\n \nProblem Description\n\na. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5\n to fix multiple security issues in the COS kernel.\n \nb. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n\nc. ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and\n nss-3.12.10-4.el5_7 respectively resolving a security issue.\n\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape\n Portable Runtime (NSPR) and Network Security Services (NSS) contain the\n built-in tokens of this fraudulent Certificate Authority. This update renders\n all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n\nd. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are updated to\n popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2\n and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n\ne. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are updated to\n samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the\n Samba client.\n\nf. 
ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes\n multiple security issues.\n\ng. ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which fixes multiple\n security issues.", "cvss3": {}, "published": "2012-03-15T00:00:00", "type": "openvas", "title": "VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2010-3493", "CVE-2011-1746", "CVE-2011-1678", "CVE-2011-0695", "CVE-2011-1521", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-2491", "CVE-2010-4649", "CVE-2010-2059", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-1780", "CVE-2011-2495", "CVE-2011-1166", "CVE-2011-0711", "CVE-2011-2901", "CVE-2011-2022", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1495", "CVE-2010-0787", "CVE-2011-1163", "CVE-2011-2519", "CVE-2010-2089", "CVE-2011-1093", "CVE-2011-1593", "CVE-2011-2522", "CVE-2011-1170", "CVE-2011-1936", "CVE-2011-2482", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-1015", "CVE-2011-2689", "CVE-2009-3720", "CVE-2011-3378", "CVE-2010-1634", "CVE-2009-3560", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1763", "CVE-2011-2525", "CVE-2011-1080", "CVE-2011-2694", "CVE-2011-1577", "CVE-2011-2192"], "modified": "2017-04-19T00:00:00", "id": "OPENVAS:103448", "href": "http://plugins.openvas.org/nasl.php?oid=103448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0001.nasl 5977 2017-04-19 09:02:22Z teissa $\n#\n# VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program 
is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.\n\nSummary\n\nVMware ESXi and ESX updates to third party library and ESX Service Console address\nseveral security issues.\n\nRelevant releases:\n\nESXi 4.1 without patch ESXi410-201201401-SG\nESXi 5.0 without patch ESXi500-201203101-SG\nESXi 4.0 without patch ESXi400-201203401-SG\n\nESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\nESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG,\nESX410-201201407-SG.\n \nProblem Description\n\na. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5\n to fix multiple security issues in the COS kernel.\n \nb. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n\nc. 
ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and\n nss-3.12.10-4.el5_7 respectively resolving a security issue.\n\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape\n Portable Runtime (NSPR) and Network Security Services (NSS) contain the\n built-in tokens of this fraudulent Certificate Authority. This update renders\n all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n\nd. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are updated to\n popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2\n and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n\ne. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are updated to\n samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the\n Samba client.\n\nf. ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes\n multiple security issues.\n\ng. 
ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which fixes multiple\n security issues.\";\n\ntag_solution = \"Apply the missing patch(es).\";\n\nif (description)\n{\n script_id(103448);\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 5977 $\");\n script_name(\"VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-15 14:13:01 +0100 (Thu, 15 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n 
script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201201401-SG\",\n \"4.0.0\", \"ESXi400-201203401-SG\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n\n\n\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1212-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1212-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-2918", "CVE-2011-1746", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-1494", "CVE-2011-1771", "CVE-2011-1598", "CVE-2011-2492", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-0463", "CVE-2011-2484", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2534", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840748", "href": 
"http://plugins.openvas.org/nasl.php?oid=840748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1212_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1212-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n \n It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. 
A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n \n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n \n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n \n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n \n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n \n Vasiliy Kulikov discovered that the netfilter code did not check certain\n strings copied from userspace. A local attacker with netfilter access could\n exploit this to read kernel memory or crash the system, leading to a denial\n of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n \n Vasiliy Kulikov discovered that the Acorn Universal Networking driver did\n not correctly initialize memory. A remote attacker could send specially\n crafted traffic to read kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1173)\n \n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. 
If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n \n Julien Tinnes discovered that the kernel d ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1212-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1212-1/\");\n script_id(840748);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1212-1\");\n script_cve_id(\"CVE-2011-0463\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1770\", \"CVE-2011-1771\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1212-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.15\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-07-30T14:10:05", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1212-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1212-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-2918", "CVE-2011-1746", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-1494", "CVE-2011-1771", "CVE-2011-1598", "CVE-2011-2492", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-0463", "CVE-2011-2484", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2534", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840748", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1212_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1212-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1212-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840748\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1212-1\");\n script_cve_id(\"CVE-2011-0463\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1493\", 
\"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1770\", \"CVE-2011-1771\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1212-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1212-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n\n It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. 
A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Vasiliy Kulikov discovered that the netfilter code did not check certain\n strings copied from userspace. A local attacker with netfilter access could\n exploit this to read kernel memory or crash the system, leading to a denial\n of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\n Vasiliy Kulikov discovered that the Acorn Universal Networking driver did\n not correctly initialize memory. A remote attacker could send specially\n crafted traffic to read kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1173)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. 
If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Julien Tinnes discovered that the kernel d ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.15\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2264-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2264-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-1768", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1776", "CVE-2011-1767", "CVE-2011-1012", "CVE-2011-1598", "CVE-2010-3875", "CVE-2011-1173", "CVE-2010-2524", "CVE-2011-1759", "CVE-2011-2182", "CVE-2011-0711", "CVE-2011-0710", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2011-1080", "CVE-2010-4075", "CVE-2010-4655", "CVE-2011-1577"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069970", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069970", "sourceData": 
"# OpenVAS Vulnerability Test\n# $Id: deb_2264_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2264-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69970\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-2524\", \"CVE-2010-3875\", \"CVE-2010-4075\", \"CVE-2010-4655\", \"CVE-2011-0695\", \"CVE-2011-0710\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1017\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", 
\"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1477\", \"CVE-2011-1493\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-1759\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2182\");\n script_name(\"Debian Security Advisory DSA 2264-1 (linux-2.6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202264-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-2524\n\nDavid Howells reported an issue in the Common Internet File System (CIFS).\nLocal users could cause arbitrary CIFS shares to be mounted by introducing\nmalicious redirects.\n\nCVE-2010-3875\n\nVasiliy Kulikov discovered an issue in the Linux implementation of the\nAmateur Radio AX.25 Level 2 protocol. Local users may obtain access to\nsensitive kernel memory.\n\nCVE-2010-4075\n\nDan Rosenberg reported an issue in the tty layer that may allow local\nusers to obtain access to sensitive kernel memory.\n\nCVE-2010-4655\n\nKees Cook discovered several issues in the ethtool interface which may\nallow local users with the CAP_NET_ADMIN capability to obtain access to\nsensitive kernel memory.\n\nDescription truncated. 
Please see the referenced advisory for more information.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny3. Updates for arm and hppa are not yet available,\nbut will be released as soon as possible.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\nDebian 5.0 (lenny)\nuser-mode-linux 2.6.26-1um-2+26lenny3\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2264-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n 
report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-26lenny2\", 
rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-26lenny3\", 
rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-generic\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-26lenny2\", 
rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", ver:\"2.6.26-26lenny3\", 
rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", 
ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:55:45", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2264-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2264-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-1768", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1776", "CVE-2011-1767", "CVE-2011-1012", "CVE-2011-1598", "CVE-2010-3875", "CVE-2011-1173", "CVE-2010-2524", "CVE-2011-1759", "CVE-2011-2182", "CVE-2011-0711", "CVE-2011-0710", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1163", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-0726", 
"CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2011-1080", "CVE-2010-4075", "CVE-2010-4655", "CVE-2011-1577"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69970", "href": "http://plugins.openvas.org/nasl.php?oid=69970", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2264_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2264-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-2524\n\nDavid Howells reported an issue in the Common Internet File System (CIFS).\nLocal users could cause arbitrary CIFS shares to be mounted by introducing\nmalicious redirects.\n\nCVE-2010-3875\n\nVasiliy Kulikov discovered an issue in the Linux implementation of the\nAmateur Radio AX.25 Level 2 protocol. 
Local users may obtain access to\nsensitive kernel memory.\n\nCVE-2010-4075\n\nDan Rosenberg reported an issue in the tty layer that may allow local\nusers to obtain access to sensitive kernel memory.\n\nCVE-2010-4655\n\nKees Cook discovered several issues in the ethtool interface which may\nallow local users with the CAP_NET_ADMIN capability to obtain access to\nsensitive kernel memory.\n\nCVE-2011-0695\n\nJens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can\nexploit a race condition to cause a denial of service (kernel panic).\n\nCVE-2011-0710\n\nAl Viro reported an issue in the /proc/<pid>/status interface on the\ns390 architecture. Local users could gain access to sensitive memory\nin processes they do not own via the task_show_regs entry.\n\nCVE-2011-0711\n\nDan Rosenberg reported an issue in the XFS filesystem. Local users may\nobtain access to sensitive kernel memory.\n\nCVE-2011-0726\n\nKees Cook reported an issue in the /proc/pid/stat implementation. Local\nusers could learn the text location of a process, defeating protections\nprovided by address space layout randomization (ASLR).\n\nCVE-2011-1010\n\nTimo Warns reported an issue in the Linux support for Mac partition tables.\nLocal users with physical access could cause a denial of service (panic)\nby adding a storage device with a malicious map_count value.\n\nCVE-2011-1012\n\nTimo Warns reported an issue in the Linux support for Mac partition tables.\nLocal users with physical access could cause a denial of service (panic)\nby adding a storage device with a malicious map_count value.\n\nCVE-2011-1017\n\nTimo Warns reported an issue in the Linux support for LDM partition tables.\nUsers with physical access can gain access to sensitive kernel memory or\ngain elevated privileges by adding a storage device with a specially\ncrafted LDM partition.\n\nCVE-2011-1078\n\nVasiliy Kulikov discovered an issue in the Bluetooth subsystem. 
Local users\ncan obtain access to sensitive kernel memory.\n\nCVE-2011-1079\n\nVasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users\nwith the CAP_NET_ADMIN capability can cause a denial of service (kernel\nOops).\n\nCVE-2011-1080\n\nVasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users\ncan obtain access to sensitive kernel memory.\n\nCVE-2011-1090\n\nNeil Horman discovered a memory leak in the setacl() call on NFSv4\nfilesystems. Local users can exploit this to cause a denial of service\n(Oops).\n\nCVE-2011-1093\n\nJohan Hovold reported an issue in the Datagram Congestion Control Protocol\n(DCCP) implementation. Remote users could cause a denial of service by\nsending data after closing a socket.\n\nCVE-2011-1160\n\nPeter Huewe reported an issue in the Linux kernel's support for TPM security\nchips. Local users with permission to open the device can gain access to\nsensitive kernel memory.\n\nCVE-2011-1163\n\nTimo Warns reported an issue in the kernel support for Alpha OSF format disk\npartitions. Users with physical access can gain access to sensitive kernel\nmemory by adding a storage device with a specially crafted OSF partition.\n\nCVE-2011-1170\n\nVasiliy Kulikov reported an issue in the Netfilter arp table\nimplementation. Local users with the CAP_NET_ADMIN capability can gain\naccess to sensitive kernel memory.\n\nCVE-2011-1171\n\nVasiliy Kulikov reported an issue in the Netfilter IP table\nimplementation. Local users with the CAP_NET_ADMIN capability can gain\naccess to sensitive kernel memory.\n\nCVE-2011-1172\n\nVasiliy Kulikov reported an issue in the Netfilter IP6 table\nimplementation. Local users with the CAP_NET_ADMIN capability can gain\naccess to sensitive kernel memory.\n\nCVE-2011-1173\n\nVasiliy Kulikov reported an issue in the Acorn Econet protocol\nimplementation. 
Local users can obtain access to sensitive kernel memory on\nsystems that use this rare hardware.\n\nCVE-2011-1180\n\nDan Rosenberg reported a buffer overflow in the Information Access Service\nof the IrDA protocol, used for Infrared devices. Remote attackers within IR\ndevice range can cause a denial of service or possibly gain elevated\nprivileges.\n\nCVE-2011-1182\n\nJulien Tinnes reported an issue in the rt_sigqueueinfo interface. Local\nusers can generate signals with falsified source pid and uid information.\n\nCVE-2011-1477\n\nDan Rosenberg reported issues in the Open Sound System driver for cards that\ninclude a Yamaha FM synthesizer chip. Local users can cause memory\ncorruption resulting in a denial of service. This issue does not affect\nofficial Debian Linux image packages as they no longer provide support for\nOSS. However, custom kernels built from Debian's linux-source-2.6.32 may\nhave enabled this configuration and would therefore be vulnerable.\n\nCVE-2011-1493\n\nDan Rosenberg reported two issues in the Linux implementation of the\nAmateur Radio X.25 PLP (Rose) protocol. 
A remote user can cause a denial of\nservice by providing specially crafted facilities fields.\n\nCVE-2011-1577\n\nTimo Warns reported an issue in the Linux support for GPT partition tables.\nLocal users with physical access could cause a denial of service (Oops)\nby adding a storage device with a malicious partition table header.\n\nCVE-2011-1593\n\nRobert Swiecki reported a signedness issue in the next_pidmap() function,\nwhich can be exploited by local users to cause a denial of service.\n\nCVE-2011-1598\n\nDave Jones reported an issue in the Broadcast Manager Controller Area\nNetwork (CAN/BCM) protocol that may allow local users to cause a NULL\npointer dereference, resulting in a denial of service.\n\nCVE-2011-1745\n\nVasiliy Kulikov reported an issue in the Linux support for AGP devices.\nLocal users can obtain elevated privileges or cause a denial of service due\nto missing bounds checking in the AGPIOC_BIND ioctl. On default Debian\ninstallations, this is exploitable only by users in the video group.\n\nCVE-2011-1746\n\nVasiliy Kulikov reported an issue in the Linux support for AGP devices.\nLocal users can obtain elevated privileges or cause a denial of service\ndue to missing bounds checking in the agp_allocate_memory and\nagp_create_user_memory. On default Debian installations, this is\nexploitable only by users in the video group.\n\nCVE-2011-1748\n\nOliver Hartkopp reported an issue in the Controller Area Network (CAN) raw\nsocket implementation which permits local users to cause a NULL pointer\ndereference, resulting in a denial of service.\n\nCVE-2011-1759\n\nDan Rosenberg reported an issue in the support for executing old ABI\nbinaries on ARM processors. 
Local users can obtain elevated privileges due\nto insufficient bounds checking in the semtimedop system call.\n\nCVE-2011-1767\n\nAlexey Dobriyan reported an issue in the GRE over IP implementation.\nRemote users can cause a denial of service by sending a packet during\nmodule initialization.\n\nCVE-2011-1768\n\nAlexey Dobriyan reported an issue in the IP tunnels implementation.\nRemote users can cause a denial of service by sending a packet during\nmodule initialization.\n\nCVE-2011-1776\n\nTimo Warns reported an issue in the Linux implementation for GUID\npartitions. Users with physical access can gain access to sensitive kernel\nmemory by adding a storage device with a specially crafted corrupted\ninvalid partition table.\n\nCVE-2011-2022\n\nVasiliy Kulikov reported an issue in the Linux support for AGP devices.\nLocal users can obtain elevated privileges or cause a denial of service due\nto missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian\ninstallations, this is exploitable only by users in the video group.\n\nCVE-2011-2182\n\nBen Hutchings reported an issue with the fix for CVE-2011-1017 (see above)\nthat made it insufficient to resolve the issue.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny3. 
Updates for arm and hppa are not yet available,\nbut will be released as soon as possible.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\nDebian 5.0 (lenny)\nuser-mode-linux 2.6.26-1um-2+26lenny3\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2264-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202264-1\";\n\n\nif(description)\n{\n script_id(69970);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-2524\", \"CVE-2010-3875\", \"CVE-2010-4075\", \"CVE-2010-4655\", \"CVE-2011-0695\", \"CVE-2011-0710\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1017\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1477\", \"CVE-2011-1493\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-1759\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2182\");\n script_name(\"Debian Security Advisory DSA 2264-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", 
ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-generic\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", 
ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-26lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:53", "description": "Oracle Linux Local Security Checks ELSA-2011-2015", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-2015", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4649", "CVE-2011-1573", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1016", "CVE-2011-0726", "CVE-2010-4565", "CVE-2011-1080"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122177", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2015.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122177\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:18 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2015\");\n script_tag(name:\"insight\", value:\"ELSA-2011-2015 - Oracle Linux 6 Unbreakable Enterprise kernel security fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2015\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2015.html\");\n script_cve_id(\"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.15.el5\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~100.28.15.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.15.el5~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.15.el5debug~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.15.el6\", rls:\"OracleLinux6\")) != NULL) {\n 
Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4076, CVE-2010-4077)\n\n It was discovered that Xen did not correctly handle certain block requests.\n A local attacker in a Xen guest could cause the Xen host to use all\n available CPU resources, leading to a denial of service. (CVE-2010-4247)\n\n It was discovered that the ICMP stack did not correctly handle certain\n unreachable messages. If a remote attacker were able to acquire a socket\n lock, they could send specially crafted traffic that would crash the\n system, leading to a denial of service. (CVE-2010-4526)\n\n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the memory layout of\n processes in an attempt to increase the chances of a successful memory\n corruption exploit. (CVE-2011-0726)\n\n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n\n Timo Warns discovered that the GUID partition parsing routines did not\n correctly validate certain structures. A local attacker with physical\n access could plug in a specially crafted block device to crash the system,\n leading to a denial of service. (CVE-2011-1577)\n\n Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl\n values. A local attacker with access to the video subsystem could exploit\n this to crash the system, leading to a denial of service, or possibly gain\n root privileges. (CVE-2011-1745, CVE-2011-2022)\n\n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. 
A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. (CVE-2011-1746, CVE-2011-1747)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:11", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1170-1", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1170-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2010-4526", "CVE-2011-2022", 
"CVE-2010-4247", "CVE-2011-1747", "CVE-2011-1163", "CVE-2011-0726", "CVE-2011-1745", "CVE-2010-4077", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840703", "href": "http://plugins.openvas.org/nasl.php?oid=840703", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1170_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1170-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4076, CVE-2010-4077)\n\n It was discovered that Xen did not correctly handle certain block requests.\n A local attacker in a Xen guest could cause the Xen host to use all\n available CPU resources, leading to a denial of service. (CVE-2010-4247)\n \n It was discovered that the ICMP stack did not correctly handle certain\n unreachable messages. 
If a remote attacker were able to acquire a socket\n lock, they could send specially crafted traffic that would crash the\n system, leading to a denial of service. (CVE-2010-4526)\n \n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the memory layout of\n processes in an attempt to increase the chances of a successful memory\n corruption exploit. (CVE-2011-0726)\n \n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n \n Timo Warns discovered that the GUID partition parsing routines did not\n correctly validate certain structures. A local attacker with physical\n access could plug in a specially crafted block device to crash the system,\n leading to a denial of service. (CVE-2011-1577)\n \n Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl\n values. A local attacker with access to the video subsystem could exploit\n this to crash the system, leading to a denial of service, or possibly gain\n root privileges. (CVE-2011-1745, CVE-2011-2022)\n \n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. 
(CVE-2011-1746, CVE-2011-1747)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1170-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1170-1/\");\n script_id(840703);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1170-1\");\n script_cve_id(\"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4247\", \"CVE-2010-4526\", \"CVE-2011-0726\", \"CVE-2011-1163\", \"CVE-2011-1577\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\");\n script_name(\"Ubuntu Update for linux USN-1170-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", 
ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.91\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-08-07T15:17:58", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1204-1", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1204-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4242", "CVE-2010-4163", "CVE-2011-2918", "CVE-2010-4668", "CVE-2011-1160", "CVE-2011-1078", "CVE-2010-4649", "CVE-2011-1478", "CVE-2010-3859", "CVE-2011-1012", "CVE-2011-1598", "CVE-2011-2492", "CVE-2010-4251", "CVE-2011-1173", "CVE-2011-2699", "CVE-2010-4158", "CVE-2011-2484", "CVE-2010-4526", "CVE-2010-4162", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1770", "CVE-2010-4805", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-1013", "CVE-2011-1833", "CVE-2010-4160", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", 
"CVE-2011-1082", "CVE-2011-1493", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1090", "CVE-2010-4175", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2019-08-06T00:00:00", "id": "OPENVAS:1361412562310840744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1204-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1204-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840744\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-09-16 17:22:17 +0200 (Fri, 16 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1204-1\");\n script_cve_id(\"CVE-2010-3859\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4158\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4668\", \"CVE-2010-4175\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4251\", \"CVE-2010-4805\", \"CVE-2010-4526\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1493\", \"CVE-2011-1577\", \"CVE-2011-1598\", \"CVE-2011-1770\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1204-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1204-1\");\n script_tag(name:\"affected\", value:\"linux-fsl-imx51 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that the Linux kernel TIPC implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to gain root privileges. (CVE-2010-3859)\n\n Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n\n Dan Rosenberg discovered that the socket filters did not correctly\n initialize structure memory. A local attacker could create malicious\n filters to read portions of kernel stack memory, leading to a loss of\n privacy. (CVE-2010-4158)\n\n Dan Rosenberg discovered that the Linux kernel L2TP implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to crash the kernel, or possibly gain root privileges.\n (CVE-2010-4160)\n\n Dan Rosenberg discovered that certain iovec operations did not calculate\n page counts correctly. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4162)\n\n Dan Rosenberg discovered that the SCSI subsystem did not correctly validate\n iov segments. A local attacker with access to a SCSI device could send\n specially crafted requests to crash the system, leading to a denial of\n service. 
(CVE-2010-4163, CVE-2010-4668)\n\n Dan Rosenberg discovered that the RDS protocol did not correctly check\n ioctl arguments. A local attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2010-4175)\n\n Alan Cox discovered that the HCI UART driver did not correctly check if a\n write operation was available. If the mmap_min-addr sysctl was changed from\n the Ubuntu default to a value of 0, a local attacker could exploit this\n flaw to gain root privileges. (CVE-2010-4242)\n\n Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alex Shi and Eric Dumazet discovered that the network stack did not\n correctly handle packet backlogs. A remote attacker could exploit this by\n sending a large amount of network traffic to cause the system to run out of\n memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)\n\n It was discovered that the ICMP stack did not correctly handle certain\n unreachable messages. 
If a remote attacker were able to acquire a socket\n lock, they could send specially ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-610-imx51\", ver:\"2.6.31-610.28\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:26:51", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1204-1", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1204-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4242", "CVE-2010-4163", "CVE-2011-2918", "CVE-2010-4668", "CVE-2011-1160", "CVE-2011-1078", "CVE-2010-4649", "CVE-2011-1478", "CVE-2010-3859", "CVE-2011-1012", "CVE-2011-1598", "CVE-2011-2492", "CVE-2010-4251", "CVE-2011-1173", "CVE-2011-2699", "CVE-2010-4158", "CVE-2011-2484", "CVE-2010-4526", "CVE-2010-4162", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1770", "CVE-2010-4805", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-1013", "CVE-2011-1833", "CVE-2010-4160", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1493", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1090", "CVE-2010-4175", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840744", "href": "http://plugins.openvas.org/nasl.php?oid=840744", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1204_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1204-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that the Linux kernel TIPC implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to gain root privileges. (CVE-2010-3859)\n\n Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n \n Dan Rosenberg discovered that the socket filters did not correctly\n initialize structure memory. A local attacker could create malicious\n filters to read portions of kernel stack memory, leading to a loss of\n privacy. (CVE-2010-4158)\n \n Dan Rosenberg discovered that the Linux kernel L2TP implementation\n contained multiple integer signedness errors. 
A local attacker could\n exploit this to crash the kernel, or possibly gain root privileges.\n (CVE-2010-4160)\n \n Dan Rosenberg discovered that certain iovec operations did not calculate\n page counts correctly. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4162)\n \n Dan Rosenberg discovered that the SCSI subsystem did not correctly validate\n iov segments. A local attacker with access to a SCSI device could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2010-4163, CVE-2010-4668)\n \n Dan Rosenberg discovered that the RDS protocol did not correctly check\n ioctl arguments. A local attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2010-4175)\n \n Alan Cox discovered that the HCI UART driver did not correctly check if a\n write operation was available. If the mmap_min-addr sysctl was changed from\n the Ubuntu default to a value of 0, a local attacker could exploit this\n flaw to gain root privileges. (CVE-2010-4242)\n \n Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n \n Alex Shi and Eric Dumazet discovered that the network stack did not\n correctly handle packet backlogs. A remote attacker could exploit this by\n sending a large amount of network traffic to cause the system to run out of\n memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)\n \n It was discovered that the ICMP stack did not correctly handle certain\n unreachable messages. If a remote attacker were able to acquire a socket\n lock, they could send specially ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1204-1\";\ntag_affected = \"linux-fsl-imx51 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1204-1/\");\n script_id(840744);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-16 17:22:17 +0200 (Fri, 16 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1204-1\");\n script_cve_id(\"CVE-2010-3859\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4158\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4668\", \"CVE-2010-4175\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4251\", \"CVE-2010-4805\", \"CVE-2010-4526\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1493\", \"CVE-2011-1577\", \"CVE-2011-1598\", \"CVE-2011-1770\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1204-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-610-imx51\", ver:\"2.6.31-610.28\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:15", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-4087", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-1080"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:850211", "href": "http://plugins.openvas.org/nasl.php?oid=850211", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0236_1.nasl 8295 2018-01-05 06:29:18Z teissa $\n#\n# SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openSUSE 11.4 kernel was updated to fix bugs and\n security issues.\n\n Following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. 
A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-1173: A kernel information leak via ip6_tables was\n fixed.\n\n CVE-2011-1172: A kernel information leak via ip6_tables\n netfilter was fixed.\n\n CVE-2011-1171: A kernel information leak via ip_tables was\n fixed.\n\n CVE-2011-1170: A kernel information leak via arp_tables was\n fixed.\n\n CVE-2011-1080: A kernel information leak via netfilter was\n fixed.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n to read kernel memory.\n\n 
CVE-2011-4087: A local denial of service when using bridged\n networking via a flood ping was fixed.\n\n CVE-2011-2203: A NULL ptr dereference on mounting corrupt\n hfs filesystems was fixed which could be used by local\n attackers to cr ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850211);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:47:46 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\",\n \"CVE-2011-1173\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\",\n \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4604\", \"CVE-2010-3880\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0236_1\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", 
rpm:\"kernel-ec2-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-base\", 
rpm:\"kernel-vmi-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:41:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0236-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-4087", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-1080"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850211", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850211\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:47:46 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\",\n \"CVE-2011-1173\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\",\n \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4604\", \"CVE-2010-3880\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0236-1\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0236-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 11.4 kernel was updated to fix bugs and\n security issues.\n\n The following security issues have been fixed: CVE-2011-4604:\n If root does read() on 
a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-1173: A kernel information leak via ip6_tables was\n fixed.\n\n CVE-2011-1172: A kernel information leak via ip6_tables\n netfilter was fixed.\n\n CVE-2011-1171: A kernel information leak via ip_tables was\n fixed.\n\n CVE-2011-1170: A kernel information leak via arp_tables was\n fixed.\n\n CVE-2011-1080: A kernel information leak via netfilter was\n fixed.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which 
allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n to read kernel memory.\n\n CVE-2011-4087: A local denial of service when using bridged\n networking via a flood ping was fixed.\n\n CVE-2011-2203: A NULL ptr dereference on mounting corrupt\n hfs filesystems was fixed which could be used by local\n attackers to cr ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", 
rpm:\"kernel-desktop~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:26:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1187-1", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1187-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-3881", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2010-4527", "CVE-2010-4083", "CVE-2011-1078", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1598", "CVE-2010-3877", "CVE-2010-3875", "CVE-2011-1173", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0463", "CVE-2010-3698", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4248", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1013", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-4342", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840718", "href": "http://plugins.openvas.org/nasl.php?oid=840718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1187_1.nasl 7964 2017-12-01 
07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1187-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that KVM did not correctly initialize certain CPU\n registers. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2010-3698)\n\n Thomas Pollet discovered that the RDS network protocol did not check\n certain iovec buffers. A local attacker could exploit this to crash the\n system or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n \n Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did\n not correctly clear kernel memory. A local attacker could exploit this to\n read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n \n Vasiliy Kulikov discovered that the Linux kernel sockets implementation did\n not properly initialize certain structures. 
A local attacker could exploit\n this to read kernel stack memory, leading to a loss of privacy.\n (CVE-2010-3876)\n \n Vasiliy Kulikov discovered that the TIPC interface did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n \n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n \n Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local\n attacker could exploit this to read portions of the kernel stack, leading\n to a loss of privacy. (CVE-2010-3881)\n \n Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n \n Dan Rosenberg discovered that the ivtv V4L driver did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n \n Dan Rosenberg discovered that the semctl syscall did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4083)\n \n Dan Rosenberg discovered that the SCSI subsystem did not correctly validate\n iov segments. A local attacker with access to a SCSI device could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2010-4163, CVE-2010-4668)\n \n It was discovered that multithreaded exec did not handle CPU timers\n correctly. A local attac ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1187-1\";\ntag_affected = \"linux-lts-backport-maverick on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1187-1/\");\n script_id(840718);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1187-1\");\n script_cve_id(\"CVE-2010-3698\", \"CVE-2010-3865\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-3881\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4079\", \"CVE-2010-4083\", \"CVE-2010-4163\", \"CVE-2010-4668\", \"CVE-2010-4248\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1169\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1478\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", 
\"CVE-2011-1746\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1187-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:00", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1187-1", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for 
linux-lts-backport-maverick USN-1187-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-3881", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2010-4527", "CVE-2010-4083", "CVE-2011-1078", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1598", "CVE-2010-3877", "CVE-2010-3875", "CVE-2011-1173", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0463", "CVE-2010-3698", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4248", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1013", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-4342", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1187_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1187-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1187-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840718\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1187-1\");\n script_cve_id(\"CVE-2010-3698\", \"CVE-2010-3865\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-3881\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4079\", \"CVE-2010-4083\", \"CVE-2010-4163\", \"CVE-2010-4668\", \"CVE-2010-4248\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1169\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1478\", 
\"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1187-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1187-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-maverick on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that KVM did not correctly initialize certain CPU\n registers. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2010-3698)\n\n Thomas Pollet discovered that the RDS network protocol did not check\n certain iovec buffers. A local attacker could exploit this to crash the\n system or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\n Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did\n not correctly clear kernel memory. A local attacker could exploit this to\n read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\n Vasiliy Kulikov discovered that the Linux kernel sockets implementation did\n not properly initialize certain structures. A local attacker could exploit\n this to read kernel stack memory, leading to a loss of privacy.\n (CVE-2010-3876)\n\n Vasiliy Kulikov discovered that the TIPC interface did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. 
(CVE-2010-3877)\n\n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n\n Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local\n attacker could exploit this to read portions of the kernel stack, leading\n to a loss of privacy. (CVE-2010-3881)\n\n Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n\n Dan Rosenberg discovered that the ivtv V4L driver did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\n Dan Rosenberg discovered that the semctl syscall did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4083)\n\n Dan Rosenberg discovered that the SCSI subsystem did not correctly validate\n iov segments. A local attacker with access to a SCSI device could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2010-4163, CVE-2010-4668)\n\n It was discovered that multithreaded exec did not handle CPU timers\n correctly. 
A local attac ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.56~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1183-1", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1183-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-1598", "CVE-2011-1163", "CVE-2011-1090", "CVE-2010-4077", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840716", "href": "http://plugins.openvas.org/nasl.php?oid=840716", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1183_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux 
USN-1183-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4076, CVE-2010-4077)\n\n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n \n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n \n Timo Warns discovered that the GUID partition parsing routines did not\n correctly validate certain structures. A local attacker with physical\n access could plug in a specially crafted block device to crash the system,\n leading to a denial of service. 
(CVE-2011-1577)\n \n Oliver Hartkopp and Dave Jones discovered that the CAN network driver did\n not correctly validate certain socket structures. If this driver was\n loaded, a local attacker could crash the system, leading to a denial of\n service. (CVE-2011-1598)\n \n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. (CVE-2011-1746)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1183-1\";\ntag_affected = \"linux on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1183-1/\");\n script_id(840716);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1183-1\");\n script_cve_id(\"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1577\", \"CVE-2011-1598\", \"CVE-2011-1746\");\n script_name(\"Ubuntu Update for linux USN-1183-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-omap\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc-smp\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc64-smp\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-versatile\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2019-05-29T18:39:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1183-1", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1183-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-1598", "CVE-2011-1163", "CVE-2011-1090", "CVE-2010-4077", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840716", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1183_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1183-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1183-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840716\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1183-1\");\n script_cve_id(\"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1577\", \"CVE-2011-1598\", \"CVE-2011-1746\");\n script_name(\"Ubuntu Update for linux USN-1183-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1183-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. 
A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4076, CVE-2010-4077)\n\n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n\n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n\n Timo Warns discovered that the GUID partition parsing routines did not\n correctly validate certain structures. A local attacker with physical\n access could plug in a specially crafted block device to crash the system,\n leading to a denial of service. (CVE-2011-1577)\n\n Oliver Hartkopp and Dave Jones discovered that the CAN network driver did\n not correctly validate certain socket structures. If this driver was\n loaded, a local attacker could crash the system, leading to a denial of\n service. (CVE-2011-1598)\n\n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. 
(CVE-2011-1746)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-omap\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc-smp\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc64-smp\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-versatile\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.56\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:24", 
"description": "Ubuntu Update for Linux kernel vulnerabilities USN-1168-1", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1168-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-1598", "CVE-2011-2022", "CVE-2011-1770", "CVE-2011-1747", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-1745", "CVE-2011-1090"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840704", "href": "http://plugins.openvas.org/nasl.php?oid=840704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1168_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1168-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. 
By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n\n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n \n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n \n Dan Rosenberg discovered that MPT devices did not correctly validate\n certain values in ioctl calls. If these drivers were loaded, a local\n attacker could exploit this to read arbitrary kernel memory, leading to a\n loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n \n Tavis Ormandy discovered that the pidmap function did not correctly handle\n large requests. A local attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1593)\n \n Oliver Hartkopp and Dave Jones discovered that the CAN network driver did\n not correctly validate certain socket structures. If this driver was\n loaded, a local attacker could crash the system, leading to a denial of\n service. (CVE-2011-1598, CVE-2011-1748)\n \n Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl\n values. A local attacker with access to the video subsystem could exploit\n this to crash the system, leading to a denial of service, or possibly gain\n root privileges. (CVE-2011-1745, CVE-2011-2022)\n \n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. 
(CVE-2011-1746, CVE-2011-1747)\n \n Dan Rosenberg discovered that the DCCP stack did not correctly handle\n certain packet structures. A remote attacker could exploit this to crash\n the system, leading to a denial of service. (CVE-2011-1770)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1168-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1168-1/\");\n script_id(840704);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1168-1\");\n script_cve_id(\"CVE-2011-1017\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1770\");\n script_name(\"Ubuntu Update for linux USN-1168-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-386\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-generic\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-generic-pae\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-ia64\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-lpia\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-powerpc\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-powerpc-smp\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-powerpc64-smp\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-preempt\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-server\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-sparc64\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-sparc64-smp\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-versatile\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-virtual\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:25", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1168-1", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1168-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-1598", "CVE-2011-2022", "CVE-2011-1770", "CVE-2011-1747", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-1745", "CVE-2011-1090"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1168_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1168-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1168-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840704\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1168-1\");\n script_cve_id(\"CVE-2011-1017\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1770\");\n script_name(\"Ubuntu Update for linux USN-1168-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1168-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", 
value:\"Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n\n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n\n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n\n Dan Rosenberg discovered that MPT devices did not correctly validate\n certain values in ioctl calls. If these drivers were loaded, a local\n attacker could exploit this to read arbitrary kernel memory, leading to a\n loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\n Tavis Ormandy discovered that the pidmap function did not correctly handle\n large requests. A local attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1593)\n\n Oliver Hartkopp and Dave Jones discovered that the CAN network driver did\n not correctly validate certain socket structures. If this driver was\n loaded, a local attacker could crash the system, leading to a denial of\n service. (CVE-2011-1598, CVE-2011-1748)\n\n Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl\n values. A local attacker with access to the video subsystem could exploit\n this to crash the system, leading to a denial of service, or possibly gain\n root privileges. (CVE-2011-1745, CVE-2011-2022)\n\n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. 
A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. (CVE-2011-1746, CVE-2011-1747)\n\n Dan Rosenberg discovered that the DCCP stack did not correctly handle\n certain packet structures. A remote attacker could exploit this to crash\n the system, leading to a denial of service. (CVE-2011-1770)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-386\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-generic\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-generic-pae\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-ia64\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-lpia\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-powerpc\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-powerpc-smp\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-powerpc64-smp\", ver:\"2.6.32-33.70\", 
rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-preempt\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-server\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-sparc64\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-sparc64-smp\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-versatile\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-33-virtual\", ver:\"2.6.32-33.70\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-08T12:57:52", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-08-17T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2012:1156-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:870808", "href": "http://plugins.openvas.org/nasl.php?oid=870808", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2012:1156-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * An integer overflow flaw was found in the i915_gem_execbuffer2() function\n in the Intel i915 driver in the Linux kernel. A local, unprivileged user\n could use this flaw to cause a denial of service. This issue only affected\n 32-bit systems. (CVE-2012-2383, Moderate)\n\n * A missing initialization flaw was found in the sco_sock_getsockopt_old()\n function in the Linux kernel's Bluetooth implementation. A local,\n unprivileged user could use this flaw to cause an information leak.\n (CVE-2011-1078, Low)\n\n This update also fixes several bugs. Documentation for these changes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00012.html\");\n script_id(870808);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-17 10:20:57 +0530 (Fri, 17 Aug 2012)\");\n script_cve_id(\"CVE-2011-1078\", \"CVE-2012-2383\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1156-01\");\n script_name(\"RedHat Update for kernel RHSA-2012:1156-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", 
rpm:\"kernel-debug-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:55", "description": "Oracle Linux Local Security Checks ELSA-2012-1156", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1156", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123845", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1156.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123845\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1156\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1156 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1156\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1156.html\");\n script_cve_id(\"CVE-2011-1078\", \"CVE-2012-2383\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", 
rpm:\"kernel~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~279.5.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-17T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2012:1156-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870808", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310870808", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2012:1156-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870808\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-17 10:20:57 +0530 (Fri, 17 Aug 2012)\");\n script_cve_id(\"CVE-2011-1078\", \"CVE-2012-2383\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1156-01\");\n script_name(\"RedHat Update for kernel RHSA-2012:1156-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * An integer overflow flaw was found in the i915_gem_execbuffer2() function\n in the Intel i915 driver in the Linux kernel. A local, unprivileged user\n could use this flaw to cause a denial of service. This issue only affected\n 32-bit systems. (CVE-2012-2383, Moderate)\n\n * A missing initialization flaw was found in the sco_sock_getsockopt_old()\n function in the Linux kernel's Bluetooth implementation. A local,\n unprivileged user could use this flaw to cause an information leak.\n (CVE-2011-1078, Low)\n\n This update also fixes several bugs. Documentation for these changes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. 
The system must be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~279.5.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-11T11:07:38", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-08-17T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:1156 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:881469", "href": "http://plugins.openvas.org/nasl.php?oid=881469", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:1156 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * An integer overflow flaw was found in the i915_gem_execbuffer2() function\n in the Intel i915 driver in the Linux kernel. A local, unprivileged user\n could use this flaw to cause a denial of service. This issue only affected\n 32-bit systems. (CVE-2012-2383, Moderate)\n \n * A missing initialization flaw was found in the sco_sock_getsockopt_old()\n function in the Linux kernel's Bluetooth implementation. A local,\n unprivileged user could use this flaw to cause an information leak.\n (CVE-2011-1078, Low)\n \n Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting the\n CVE-2011-1078 issue.\n \n This update also fixes several bugs. Documentation for these changes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n \n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. 
The system must be rebooted for this update to take effect.\";\n\ntag_affected = \"kernel on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-August/018803.html\");\n script_id(881469);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-17 10:21:26 +0530 (Fri, 17 Aug 2012)\");\n script_cve_id(\"CVE-2011-1078\", \"CVE-2012-2383\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1156\");\n script_name(\"CentOS Update for kernel CESA-2012:1156 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-17T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:1156 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881469", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:1156 centos6\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-August/018803.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881469\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-17 10:21:26 +0530 (Fri, 17 Aug 2012)\");\n script_cve_id(\"CVE-2011-1078\", \"CVE-2012-2383\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1156\");\n script_name(\"CentOS Update for kernel CESA-2012:1156 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", 
\"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * An integer overflow flaw was found in the i915_gem_execbuffer2() function\n in the Intel i915 driver in the Linux kernel. A local, unprivileged user\n could use this flaw to cause a denial of service. This issue only affected\n 32-bit systems. (CVE-2012-2383, Moderate)\n\n * A missing initialization flaw was found in the sco_sock_getsockopt_old()\n function in the Linux kernel's Bluetooth implementation. A local,\n unprivileged user could use this flaw to cause an information leak.\n (CVE-2011-1078, Low)\n\n Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting the\n CVE-2011-1078 issue.\n\n This update also fixes several bugs. Documentation for these changes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. 
The system must be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~279.5.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check 
for the Version of kernel", "cvss3": {}, "published": "2011-07-12T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-7823", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1770", "CVE-2011-1577"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863138", "href": "http://plugins.openvas.org/nasl.php?oid=863138", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-7823\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 15\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. 
The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html\");\n script_id(863138);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-7823\");\n script_cve_id(\"CVE-2011-1770\", \"CVE-2011-1577\");\n script_name(\"Fedora Update for kernel FEDORA-2011-7823\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.38.7~30.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-12T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-7823", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1770", "CVE-2011-1577"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863138", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-7823\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863138\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-12 08:00:26 +0200 (Tue, 12 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-7823\");\n script_cve_id(\"CVE-2011-1770\", \"CVE-2011-1577\");\n script_name(\"Fedora Update for kernel FEDORA-2011-7823\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.38.7~30.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:55", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-6541", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2010-4073", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-1478", "CVE-2010-2963", "CVE-2010-3698", "CVE-2011-1079", "CVE-2011-1495", "CVE-2010-3880", "CVE-2010-2962", "CVE-2011-1745"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863087", "href": "http://plugins.openvas.org/nasl.php?oid=863087", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-6541\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 14\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059860.html\");\n script_id(863087);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-6541\");\n script_cve_id(\"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\", \"CVE-2010-3880\", \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\", \"CVE-2010-3904\", \"CVE-2011-1478\", \"CVE-2011-1079\");\n script_name(\"Fedora Update for kernel FEDORA-2011-6541\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.13~91.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-6541", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2010-4073", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-1478", "CVE-2010-2963", "CVE-2010-3698", "CVE-2011-1079", "CVE-2011-1495", "CVE-2010-3880", "CVE-2010-2962", "CVE-2011-1745"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863087", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-6541\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059860.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863087\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-6541\");\n script_cve_id(\"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\", \"CVE-2010-3880\", \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\", \"CVE-2010-3904\", \"CVE-2011-1478\", \"CVE-2011-1079\");\n script_name(\"Fedora Update for kernel FEDORA-2011-6541\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 14\");\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.13~91.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:52", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1161-1", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1161-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2010-3881", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-1598", "CVE-2011-2022", "CVE-2011-1770", "CVE-2011-1747", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-1745", "CVE-2011-1090"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1161_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1161-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1161-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840698\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1161-1\");\n script_cve_id(\"CVE-2010-3881\", \"CVE-2011-1017\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1770\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1161-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1161-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasiliy Kulikov discovered that 
kvm did not correctly clear memory. A local\n attacker could exploit this to read portions of the kernel stack, leading\n to a loss of privacy. (CVE-2010-3881)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n\n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n\n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n\n Dan Rosenberg discovered that MPT devices did not correctly validate\n certain values in ioctl calls. If these drivers were loaded, a local\n attacker could exploit this to read arbitrary kernel memory, leading to a\n loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\n Tavis Ormandy discovered that the pidmap function did not correctly handle\n large requests. A local attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1593)\n\n Oliver Hartkopp and Dave Jones discovered that the CAN network driver did\n not correctly validate certain socket structures. If this driver was\n loaded, a local attacker could crash the system, leading to a denial of\n service. (CVE-2011-1598, CVE-2011-1748)\n\n Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl\n values. A local attacker with access to the video subsystem could exploit\n this to crash the system, leading to a denial of service, or possibly gain\n root privileges. 
(CVE-2011-1745, CVE-2011-2022)\n\n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. (CVE-2011-1746, CVE-2011-1747)\n\n Dan Rosenberg discovered that the DCCP stack did not correctly handle\n certain packet structures. A remote attacker could exploit this to crash\n the system, leading to a denial of service. (CVE-2011-1770)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-317-ec2\", ver:\"2.6.32-317.36\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1161-1", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1161-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2010-3881", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-1598", "CVE-2011-2022", "CVE-2011-1770", "CVE-2011-1747", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-1745", "CVE-2011-1090"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840698", "href": "http://plugins.openvas.org/nasl.php?oid=840698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1161_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ec2 
USN-1161-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local\n attacker could exploit this to read portions of the kernel stack, leading\n to a loss of privacy. (CVE-2010-3881)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n \n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n \n Timo Warns discovered that OSF partition parsing routines did not correctly\n clear memory. A local attacker with physical access could plug in a\n specially crafted block device to read kernel memory, leading to a loss of\n privacy. (CVE-2011-1163)\n \n Dan Rosenberg discovered that MPT devices did not correctly validate\n certain values in ioctl calls. 
If these drivers were loaded, a local\n attacker could exploit this to read arbitrary kernel memory, leading to a\n loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n \n Tavis Ormandy discovered that the pidmap function did not correctly handle\n large requests. A local attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1593)\n \n Oliver Hartkopp and Dave Jones discovered that the CAN network driver did\n not correctly validate certain socket structures. If this driver was\n loaded, a local attacker could crash the system, leading to a denial of\n service. (CVE-2011-1598, CVE-2011-1748)\n \n Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl\n values. A local attacker with access to the video subsystem could exploit\n this to crash the system, leading to a denial of service, or possibly gain\n root privileges. (CVE-2011-1745, CVE-2011-2022)\n \n Vasiliy Kulikov discovered that the AGP driver did not check the size of\n certain memory allocations. A local attacker with access to the video\n subsystem could exploit this to run the system out of memory, leading to a\n denial of service. (CVE-2011-1746, CVE-2011-1747)\n \n Dan Rosenberg discovered that the DCCP stack did not correctly handle\n certain packet structures. A remote attacker could exploit this to crash\n the system, leading to a denial of service. 
(CVE-2011-1770)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1161-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1161-1/\");\n script_id(840698);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1161-1\");\n script_cve_id(\"CVE-2010-3881\", \"CVE-2011-1017\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1770\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1161-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-317-ec2\", ver:\"2.6.32-317.36\", 
rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1186-1", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1186-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4649", "CVE-2011-1173", "CVE-2011-2484", "CVE-2011-0711", "CVE-2011-1044", "CVE-2010-4249", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2010-4238", "CVE-2011-1171", "CVE-2011-2534", "CVE-2011-1090"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840720", "href": "http://plugins.openvas.org/nasl.php?oid=840720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1186_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1186-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that IPC structures were not correctly initialized\n on 64bit systems. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4073)\n\n Steve Chen discovered that setsockopt did not correctly check MSS values. A\n local attacker could make a specially crafted socket call to crash the\n system, leading to a denial of service. (CVE-2010-4165)\n \n Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not\n handled correctly. A local attacker in a guest could make crafted blkback\n requests that would crash the host, leading to a denial of service.\n (CVE-2010-4238)\n \n Vegard Nossum discovered that memory garbage collection was not handled\n correctly for active sockets. A local attacker could exploit this to\n allocate all available kernel memory, leading to a denial of service.\n (CVE-2010-4249)\n \n Dan Carpenter discovered that the Infiniband driver did not correctly\n handle certain requests. A local user could exploit this to crash the\n system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n \n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\n \n Timo Warns discovered that MAC partition parsing routines did not correctly\n calculate block counts. A local attacker with physical access could plug in\n a specially crafted block device to crash the system or potentially gain\n root privileges. 
(CVE-2011-1010)\n \n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n \n Vasiliy Kulikov discovered that the netfilter code did not check certain\n strings copied from userspace. A local attacker with netfilter access could\n exploit this to read kernel memory or crash the system, leading to a denial\n of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n \n Vasiliy Kulikov discovered that the Acorn Universal Networking driver did\n not correctly initialize memory. A remote attacker could send specially\n crafted traffic to read kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1173)\n \n Vasiliy Kulikov discovered that taskstats listeners were not correctly\n handled. A local attacker could exploit this to exhaust memory and CPU\n resources, leading to a denial of service. 
(CVE-2011-2484)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1186-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1186-1/\");\n script_id(840720);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1186-1\");\n script_cve_id(\"CVE-2010-4073\", \"CVE-2010-4165\", \"CVE-2010-4238\", \"CVE-2010-4249\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2011-0711\", \"CVE-2011-1010\", \"CVE-2011-1090\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-2484\");\n script_name(\"Ubuntu Update for linux USN-1186-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", 
ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-07-28T14:07:55", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1186-1", "cvss3": {}, "published": "2011-08-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1186-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4649", "CVE-2011-1173", "CVE-2011-2484", "CVE-2011-0711", "CVE-2011-1044", "CVE-2010-4249", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2010-4238", "CVE-2011-1171", "CVE-2011-2534", "CVE-2011-1090"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_ubuntu_USN_1186_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1186-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1186-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840720\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1186-1\");\n script_cve_id(\"CVE-2010-4073\", \"CVE-2010-4165\", \"CVE-2010-4238\", \"CVE-2010-4249\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2011-0711\", \"CVE-2011-1010\", \"CVE-2011-1090\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-2484\");\n script_name(\"Ubuntu Update for linux USN-1186-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 
Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1186-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that IPC structures were not correctly initialized\n on 64bit systems. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4073)\n\n Steve Chen discovered that setsockopt did not correctly check MSS values. A\n local attacker could make a specially crafted socket call to crash the\n system, leading to a denial of service. (CVE-2010-4165)\n\n Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not\n handled correctly. A local attacker in a guest could make crafted blkback\n requests that would crash the host, leading to a denial of service.\n (CVE-2010-4238)\n\n Vegard Nossum discovered that memory garbage collection was not handled\n correctly for active sockets. A local attacker could exploit this to\n allocate all available kernel memory, leading to a denial of service.\n (CVE-2010-4249)\n\n Dan Carpenter discovered that the Infiniband driver did not correctly\n handle certain requests. A local user could exploit this to crash the\n system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\n Timo Warns discovered that MAC partition parsing routines did not correctly\n calculate block counts. 
A local attacker with physical access could plug in\n a specially crafted block device to crash the system or potentially gain\n root privileges. (CVE-2011-1010)\n\n Neil Horman discovered that NFSv4 did not correctly handle certain orders\n of operation with ACL data. A remote attacker with access to an NFSv4 mount\n could exploit this to crash the system, leading to a denial of service.\n (CVE-2011-1090)\n\n Vasiliy Kulikov discovered that the netfilter code did not check certain\n strings copied from userspace. A local attacker with netfilter access could\n exploit this to read kernel memory or crash the system, leading to a denial\n of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\n Vasiliy Kulikov discovered that the Acorn Universal Networking driver did\n not correctly initialize memory. A remote attacker could send specially\n crafted traffic to read kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1173)\n\n Vasiliy Kulikov discovered that taskstats listeners were not correctly\n handled. A local attacker could exploit this to exhaust memory and CPU\n resources, leading to a denial of service. 
(CVE-2011-2484)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.92\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1202-1", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1202-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4242", "CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4163", "CVE-2011-2918", "CVE-2010-4081", "CVE-2010-3297", "CVE-2010-4073", "CVE-2010-4668", "CVE-2011-1746", "CVE-2011-0695", 
"CVE-2011-1160", "CVE-2010-4083", "CVE-2011-1078", "CVE-2010-4082", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1478", "CVE-2010-3859", "CVE-2011-1012", "CVE-2011-1598", "CVE-2011-2492", "CVE-2010-4080", "CVE-2010-4169", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-2699", "CVE-2010-3296", "CVE-2011-0463", "CVE-2011-2484", "CVE-2011-0711", "CVE-2010-4162", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1770", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4248", "CVE-2011-1495", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1013", "CVE-2011-1833", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4160", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2010-3858", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1493", "CVE-2010-4256", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2010-4175", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4655", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840745", "href": "http://plugins.openvas.org/nasl.php?oid=840745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1202_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1202-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that several network ioctls did not clear kernel\n memory correctly. A local user could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)\n\n Brad Spengler discovered that stack memory for a new process was not\n correctly calculated. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-3858)\n \n Dan Rosenberg discovered that the Linux kernel TIPC implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to gain root privileges. (CVE-2010-3859)\n \n Dan Rosenberg discovered that the CAN protocol on 64bit systems did not\n correctly calculate the size of certain buffers. A local attacker could\n exploit this to crash the system or possibly execute arbitrary code as the\n root user. (CVE-2010-3874)\n \n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n \n Dan Rosenberg discovered that IPC structures were not correctly initialized\n on 64bit systems. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4073)\n \n Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. 
A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n \n Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver\n did not correctly clear kernel memory. A local attacker could exploit this\n to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,\n CVE-2010-4081)\n \n Dan Rosenberg discovered that the VIA video driver did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4082)\n \n Dan Rosenberg discovered that the semctl syscall did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4083)\n \n James Bottomley discovered that the ICP vortex storage array controller\n driver did not validate certain sizes. A local attacker on a 64bit system\n could exploit this to crash the kernel, leading to a denial of service.\n (CVE-2010-4157)\n \n Dan Rosenberg discovered that the Linux kernel L2TP implementation\n contained multiple integer sign ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1202-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1202-1/\");\n script_id(840745);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-16 17:22:17 +0200 (Fri, 16 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1202-1\");\n script_cve_id(\"CVE-2010-3296\", \"CVE-2010-3297\", \"CVE-2010-3858\", \"CVE-2010-3859\", \"CVE-2010-3874\", \"CVE-2010-3880\", \"CVE-2010-4073\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4668\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4248\", \"CVE-2010-4256\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2010-4655\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1169\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1478\", \"CVE-2011-1493\", 
\"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1770\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1202-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.24\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:54", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1202-1", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1202-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4242", "CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4163", "CVE-2011-2918", "CVE-2010-4081", "CVE-2010-3297", "CVE-2010-4073", "CVE-2010-4668", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2010-4083", 
"CVE-2011-1078", "CVE-2010-4082", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1478", "CVE-2010-3859", "CVE-2011-1012", "CVE-2011-1598", "CVE-2011-2492", "CVE-2010-4080", "CVE-2010-4169", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-2699", "CVE-2010-3296", "CVE-2011-0463", "CVE-2011-2484", "CVE-2011-0711", "CVE-2010-4162", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1770", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4248", "CVE-2011-1495", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1013", "CVE-2011-1833", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4160", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2010-3858", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1493", "CVE-2010-4256", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2010-4175", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4655", "CVE-2011-1577", "CVE-2010-4076"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1202_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1202-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1202-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840745\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-16 17:22:17 +0200 (Fri, 16 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1202-1\");\n script_cve_id(\"CVE-2010-3296\", \"CVE-2010-3297\", \"CVE-2010-3858\", \"CVE-2010-3859\", \"CVE-2010-3874\", \"CVE-2010-3880\", \"CVE-2010-4073\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4668\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4248\", \"CVE-2010-4256\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-1044\", \"CVE-2010-4655\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1169\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", 
\"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1478\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1770\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1202-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1202-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that several network ioctls did not clear kernel\n memory correctly. A local user could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)\n\n Brad Spengler discovered that stack memory for new a process was not\n correctly calculated. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-3858)\n\n Dan Rosenberg discovered that the Linux kernel TIPC implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to gain root privileges. (CVE-2010-3859)\n\n Dan Rosenberg discovered that the CAN protocol on 64bit systems did not\n correctly calculate the size of certain buffers. A local attacker could\n exploit this to crash the system or possibly execute arbitrary code as the\n root user. 
(CVE-2010-3874)\n\n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n\n Dan Rosenberg discovered that IPC structures were not correctly initialized\n on 64bit systems. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4073)\n\n Dan Rosenberg discovered that multiple terminal ioctls did not correctly\n initialize structure memory. A local attacker could exploit this to read\n portions of kernel stack memory, leading to a loss of privacy.\n (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n\n Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver\n did not correctly clear kernel memory. A local attacker could exploit this\n to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,\n CVE-2010-4081)\n\n Dan Rosenberg discovered that the VIA video driver did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4082)\n\n Dan Rosenberg discovered that the semctl syscall did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4083)\n\n James Bottomley discovered that the ICP vortex storage array controller\n driver did not validate certain sizes. 
A local attacker on a 64bit system\n could exploit this to crash the kernel, leading to a denial of service.\n (CVE-2010-4157)\n\n Dan Rosenberg discovered that the Linux kernel L2TP implementation\n contained multiple integer sign ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.24\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:15", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1162-1", "cvss3": {}, "published": "2011-07-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1162-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2010-4529", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1494", "CVE-2011-1598", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4263", "CVE-2011-1747", "CVE-2011-1019", "CVE-2011-1495", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840696", "href": "http://plugins.openvas.org/nasl.php?oid=840696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1162_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1162-1\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not\n correctly handle certain configurations. If such a device was configured\n without VLANs, a remote attacker could crash the system, leading to a\n denial of service. (CVE-2010-4263)\n \n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n \n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n \n Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. 
A local attacker could use this to increase the\n chances of a successful memory corruption exploit. (CVE-2010-4565)\n \n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n \n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n \n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\n \n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the memory layout of\n processes in an attempt to increase the chances of a successful memory\n corruption exploit. (CVE-2011-0726)\n \n Matthiew Herrb discovered that the drm modeset interface did not correctly\n handle a signed comparison. A local attacker could exploit this to crash\n the system or possibly gain root privileges. (CVE-2011-1013)\n \n Marek Olšák discovered that the Radeon GPU drivers did not correctly\n validate certain registers. On systems with specific hardware, a local\n attacker could exploit this to write to arbitrary video memory.\n (CVE-2011-1016)\n \n Timo Warns discovered that t ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1162-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1162-1/\");\n script_id(840696);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1162-1\");\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2011-0463\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1162-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-217-dove\", ver:\"2.6.32-217.34\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-08T14:24:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1162-1", "cvss3": {}, "published": "2011-07-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1162-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2010-4529", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1494", "CVE-2011-1598", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4263", "CVE-2011-1747", "CVE-2011-1019", "CVE-2011-1495", "CVE-2010-4243", "CVE-2011-1163", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1748", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1162_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1162-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1162-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840696\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1162-1\");\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2011-0463\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1019\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1162-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 
LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1162-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not\n correctly handle certain configurations. If such a device was configured\n without VLANs, a remote attacker could crash the system, leading to a\n denial of service. (CVE-2010-4263)\n\n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n\n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase the\n chances of a successful memory corruption exploit. (CVE-2010-4565)\n\n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n\n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. 
(CVE-2011-0695)\n\n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\n\n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the memory layout of\n processes in an attempt to increase the chances of a successful memory\n corruption exploit. (CVE-2011-0726)\n\n Matthiew Herrb discovered that the drm modeset interface did not correctly\n handle a signed comparison. A local attacker could exploit this to crash\n the system or possibly gain root privileges. (CVE-2011-1013)\n\n Marek Olsaak discovered that the Radeon GPU drivers did not correctly\n validate certain registers. On systems with specific hardware, a local\n attacker could exploit this to write to arbitrary video memory.\n (CVE-2011-1016)\n\n Timo Warns discovered that t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-217-dove\", ver:\"2.6.32-217.34\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:46", "description": "The remote host is missing an update to xen\nannounced via advisory DSA 2337-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2337-1 (xen)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3262", 
"CVE-2011-1166", "CVE-2011-1583", "CVE-2011-1898"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070551", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070551", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2337_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2337-1 (xen)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70551\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1166\", \"CVE-2011-1583\", \"CVE-2011-1898\", \"CVE-2011-3262\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:52 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2337-1 (xen)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202337-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Xen virtual machine\nhypervisor.\n\nCVE-2011-1166\n\nA 64-bit guest can get one of its vCPU'ss into non-kernel\nmode without first providing a valid non-kernel pagetable,\nthereby locking up the host system.\n\nCVE-2011-1583, CVE-2011-3262\n\nLocal users can cause a denial of service and possibly execute\narbitrary code via a crafted paravirtualised guest kernel image.\n\nCVE-2011-1898\n\nWhen using PCI passthrough on Intel VT-d chipsets that do not\nhave interrupt remapping, guest OS can users to gain host OS\nprivileges by writing to the interrupt injection registers.\n\nThe oldstable 
distribution (lenny) contains a different version of Xen\nnot affected by these problems.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-4.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 4.1.1-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to xen\nannounced via advisory DSA 2337-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.0\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-amd64\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-i386\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.0\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.0.1-4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:01", "description": "The remote host is missing an update to xen\nannounced via advisory DSA 2337-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2337-1 (xen)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2011-3262", "CVE-2011-1166", "CVE-2011-1583", "CVE-2011-1898"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70551", "href": "http://plugins.openvas.org/nasl.php?oid=70551", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2337_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2337-1 (xen)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in the Xen virtual machine\nhypervisor.\n\nCVE-2011-1166\n\nA 64-bit guest can get one of its vCPU'ss into non-kernel\nmode without first providing a valid non-kernel pagetable,\nthereby locking up the host system.\n\nCVE-2011-1583, CVE-2011-3262\n\nLocal users can cause a denial of service and possibly execute\narbitrary code via a crafted paravirtualised guest kernel image.\n\nCVE-2011-1898\n\nWhen using PCI passthrough on Intel VT-d chipsets that do not\nhave interrupt remapping, guest OS can users to gain host OS\nprivileges by writing to the interrupt injection registers.\n\nThe oldstable distribution (lenny) contains a different version of Xen\nnot affected by these problems.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-4.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 4.1.1-1.\n\nWe recommend that you upgrade your xen packages.\";\ntag_summary = \"The remote host is missing an update to xen\nannounced via advisory DSA 2337-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202337-1\";\n\nif(description)\n{\n script_id(70551);\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1166\", \"CVE-2011-1583\", \"CVE-2011-1898\", \"CVE-2011-3262\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:52 -0500 (Sat, 11 Feb 
2012)\");\n script_name(\"Debian Security Advisory DSA 2337-1 (xen)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.0\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-amd64\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-i386\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.0\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.0.1-4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:44:59", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following 
security issues:\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was already\nclosed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause a\ndenial of service, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element\nin the bnep_sock_ioctl() function could allow a local user to cause an\ninformation leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen\nhypervisor implementation could allow a privileged guest user to cause the\nhost, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for\nthe upper boundary when getting a new event channel port. A privileged\nguest user could use this flaw to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could\nallow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element\nin the do_replace() function could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in\nthe do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\nand do_arpt_get_ctl() functions could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of service\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and\nCVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,\nCVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook\nfor reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163\nand CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. 
The system must be rebooted for this update to take effect.\n", "cvss3": {}, "published": "2011-05-31T00:00:00", "type": "redhat", "title": "(RHSA-2011:0833) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "modified": "2017-09-08T08:14:44", "id": "RHSA-2011:0833", "href": "https://access.redhat.com/errata/RHSA-2011:0833", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:40:41", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A race condition in the way the Linux kernel's InfiniBand implementation\nset up new connections could allow a remote user to cause a denial of\nservice. (CVE-2011-0695, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. 
(CVE-2011-1013, Important)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause\na denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A missing validation of a null-terminated string data structure element\nin bnep_sock_ioctl() could allow a local user to cause an information leak\nor a denial of service. (CVE-2011-1079, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could\nlead to an information leak. (CVE-2011-0711, Low)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing validation check in the Linux kernel's mac_partition()\nimplementation, used for supporting file systems created on Mac OS\noperating systems, could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially-crafted partitions.\n(CVE-2011-1010, Low)\n\n* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN\ncapability to load arbitrary modules from \"/lib/modules/\", instead of only\nnetdev modules. (CVE-2011-1019, Low)\n\n* A missing initialization flaw in sco_sock_getsockopt_old() could allow a\nlocal, unprivileged user to cause an information leak. 
(CVE-2011-1078, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements\nin the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user\nwho has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1080, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, CVE-2011-1078,\nCVE-2011-1170, CVE-2011-1171, CVE-2011-1172, and CVE-2011-1080; Nelson\nElhage for reporting CVE-2011-1082; Dan Rosenberg for reporting\nCVE-2011-0711; Kees Cook for reporting CVE-2011-0726; and Timo Warns for\nreporting CVE-2011-1010 and CVE-2011-1163.\n\nThis update also fixes various bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version 2.6.33.9-rt31, and correct these issues. 
The system must\nbe rebooted for this update to take effect.\n", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "redhat", "title": "(RHSA-2011:0500) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1013", "CVE-2011-1019", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1082", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172"], "modified": "2019-03-22T19:44:44", "id": "RHSA-2011:0500", "href": "https://access.redhat.com/errata/RHSA-2011:0500", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T18:36:52", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause a\ndenial of service, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A flaw was found in the Linux kernel's Ethernet bonding driver\nimplementation. Packets coming in from network devices that have more\nthan 16 receive queues to a bonding interface could cause a denial of\nservice. (CVE-2011-1581, Important)\n\n* A flaw was found in the Linux kernel's networking subsystem. 
If the\nnumber of packets received exceeded the receiver's buffer limit, they were\nqueued in a backlog, consuming memory, instead of being discarded. A remote\nattacker could abuse this flaw to cause a denial of service (out-of-memory\ncondition). (CVE-2010-4251, Moderate)\n\n* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)\nimplementation. A local, unprivileged user could abuse this flaw to allow\nthe user stack (when it is using huge pages) to grow and cause a denial of\nservice. (CVE-2011-0999, Moderate)\n\n* A flaw was found in the transmit methods (xmit) for the loopback and\nInfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS)\nimplementation. A local, unprivileged user could use this flaw to cause a\ndenial of service. (CVE-2011-1023, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* An inconsistency was found in the interaction between the Linux kernel's\nmethod for allocating NFSv4 (Network File System version 4) ACL data and\nthe method by which it was freed. This inconsistency led to a kernel panic\nwhich could be triggered by a local, unprivileged user with files owned by\nsaid user on an NFSv4 share. (CVE-2011-1090, Moderate)\n\n* A missing validation check was found in the Linux kernel's\nmac_partition() implementation, used for supporting file systems created\non Mac OS operating systems. A local attacker could use this flaw to cause\na denial of service by mounting a disk that contains specially-crafted\npartitions. 
(CVE-2011-1010, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables.\n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in\nthe do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\nand do_arpt_get_ctl() functions could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and\nCVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo Warns for\nreporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy Kulikov for\nreporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172.\n\nThis update also fixes several hundred bugs and adds enhancements. Refer to\nthe Red Hat Enterprise Linux 6.1 Release Notes for information on the most\nsignificant of these changes, and the Technical Notes for further\ninformation, both linked to in the References.\n\nAll Red Hat Enterprise Linux 6 users are advised to install these updated\npackages, which correct these issues, and fix the bugs and add the\nenhancements noted in the Red Hat Enterprise Linux 6.1 Release Notes and\nTechnical Notes. 
The system must be rebooted for this update to take\neffect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2011-05-19T00:00:00", "type": "redhat", "title": "(RHSA-2011:0542) Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3881", "CVE-2010-4251", "CVE-2010-4805", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1023", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1581"], "modified": "2018-06-06T16:24:17", "id": "RHSA-2011:0542", "href": "https://access.redhat.com/errata/RHSA-2011:0542", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-10-19T18:40:11", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. 
(CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity checks for\nthe Anti Aliasing (AA) resolve register values which could allow a local,\nunprivileged user to cause a denial of service or escalate their privileges\non systems using a graphics card from the ATI Radeon R300, R400, or R500\nfamily of cards. (CVE-2011-1016, Important)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of service\nif the sysctl \"net.sctp.addip_enable\" and \"auth_enable\" variables were\nturned on (they are off by default). (CVE-2011-1573, Important)\n\n* A memory leak in the inotify_init() system call. In some cases, it could\nleak a group, which could allow a local, unprivileged user to eventually\ncause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure element\nin bnep_sock_ioctl() could allow a local user to cause an information leak\nor a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network (CAN)\nBroadcast Manager implementation could allow a local, unprivileged user to\nleak kernel mode addresses in \"/proc/net/can-bcm\". (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement Architecture\n(IMA) implementation. When SELinux was disabled, adding an IMA rule which\nwas supposed to be processed by SELinux would cause ima_match_rules() to\nalways succeed, ignoring any remaining rules. 
(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation could\nlead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. In certain scenarios, this flaw could be used to defeat Address\nSpace Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN\ncapability to load arbitrary modules from \"/lib/modules/\", instead of only\nnetdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\ncause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure element\nin do_replace() could allow a local user who has the CAP_NET_ADMIN\ncapability to cause an information leak. (CVE-2011-1080, Low)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and CVE-2011-0711;\nRafael Dominguez Vega for reporting CVE-2011-0712; and Kees Cook for\nreporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement. Documentation\nfor these changes will be available shortly from the Technical Notes\ndocument linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues, and fix the bugs and add the enhancement\nnoted in the Technical Notes. 
The system must be rebooted for this update\nto take effect.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2011-05-10T00:00:00", "type": "redhat", "title": "(RHSA-2011:0498) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250", "CVE-2010-4565", "CVE-2010-4649", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1573"], "modified": "2018-06-06T16:24:11", "id": "RHSA-2011:0498", "href": "https://access.redhat.com/errata/RHSA-2011:0498", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T18:37:45", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* An integer overflow flaw was found in the i915_gem_execbuffer2() function\nin the Intel i915 driver in the Linux kernel. A local, unprivileged user\ncould use this flaw to cause a denial of service. 
This issue only affected\n32-bit systems. (CVE-2012-2383, Moderate)\n\n* A missing initialization flaw was found in the sco_sock_getsockopt_old()\nfunction in the Linux kernel's Bluetooth implementation. A local,\nunprivileged user could use this flaw to cause an information leak.\n(CVE-2011-1078, Low)\n\nRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting the\nCVE-2011-1078 issue.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "redhat", "title": "(RHSA-2012:1156) Moderate: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1078", "CVE-2012-2383"], "modified": "2018-06-06T16:24:15", "id": "RHSA-2012:1156", "href": "https://access.redhat.com/errata/RHSA-2012:1156", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-01-17T14:25:37", "description": "From Red Hat Security Advisory 2011:0833 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially crafted partition tables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2011-0833)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/68276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0833 and \n# Oracle Linux Security Advisory ELSA-2011-0833 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68276);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n 
script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_bugtraq_id(46616, 46793, 46878, 46919, 47185, 47343, 47791, 48048);\n script_xref(name:\"RHSA\", value:\"2011:0833\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2011-0833)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0833 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. 
(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. (CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. 
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-June/002158.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0833\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-238.12.1.0.1.el5\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-238.12.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-238.12.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-17T14:21:26", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially crafted partition tables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2011-06-01T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:0833)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/54925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0833. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54925);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_bugtraq_id(46616, 46793, 46878, 46919, 47185, 47343, 47791, 48048);\n script_xref(name:\"RHSA\", value:\"2011:0833\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:0833)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. 
A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. (CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. 
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1170\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1763\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0833\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0833\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0833\";\n yum_report = 
redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.12.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.12.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-16T14:44:14", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially crafted partition tables. (CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:0833)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1763"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/67081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0833 and \n# CentOS Errata and Security Advisory 2011:0833 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67081);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1763\");\n script_bugtraq_id(46616, 46793, 46878, 46919, 47185, 47343, 47791, 48048);\n script_xref(name:\"RHSA\", value:\"2011:0833\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:0833)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw in the dccp_rcv_state_process() function could allow a remote\nattacker to cause a denial of service, even when the socket was\nalready closed. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A missing validation of a null-terminated string data structure\nelement in the bnep_sock_ioctl() function could allow a local user to\ncause an information leak or a denial of service. 
(CVE-2011-1079,\nModerate)\n\n* Missing error checking in the way page tables were handled in the\nXen hypervisor implementation could allow a privileged guest user to\ncause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation\nchecked for the upper boundary when getting a new event channel port.\nA privileged guest user could use this flaw to cause a denial of\nservice or escalate their privileges. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A missing initialization flaw in the sco_sock_getsockopt() function\ncould allow a local, unprivileged user to cause an information leak.\n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in the do_replace() function could allow a local user who has\nthe CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table\n(GPT) implementation could allow a local attacker to cause a denial of\nservice by mounting a disk that contains specially crafted partition\ntables. 
(CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079,\nCVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns\nfor reporting CVE-2011-1163 and CVE-2011-1577.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ad5c8d8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017610.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d109830b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-238.12.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-238.12.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-17T14:25:39", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2016 advisory.\n\n - The socket 
implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.\n (CVE-2010-4251)\n\n - The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation. (CVE-2011-1023)\n\n - fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. (CVE-2011-1082)\n\n - The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. (CVE-2011-1163)\n\n - net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. 
(CVE-2011-1170)\n\n - net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. (CVE-2011-1171)\n\n - net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. (CVE-2011-1172)\n\n - Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.\n (CVE-2011-1494)\n\n - drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.\n (CVE-2011-1495)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2016)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4251", "CVE-2011-1023", "CVE-2011-1082", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.17.el5", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.17.el5debug"], "id": "ORACLELINUX_ELSA-2011-2016.NASL", "href": "https://www.tenable.com/plugins/nessus/68417", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2016.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68417);\n 
script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2010-4251\",\n \"CVE-2011-1023\",\n \"CVE-2011-1082\",\n \"CVE-2011-1163\",\n \"CVE-2011-1170\",\n \"CVE-2011-1171\",\n \"CVE-2011-1172\",\n \"CVE-2011-1494\",\n \"CVE-2011-1495\"\n );\n script_xref(name:\"IAVA\", value:\"2011-A-0147-S\");\n script_xref(name:\"IAVA\", value:\"2012-A-0020-S\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2016 advisory.\n\n - The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a\n backlog of received packets, which allows remote attackers to cause a denial of service (memory\n consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.\n (CVE-2010-4251)\n\n - The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle\n congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash)\n via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit\n operation. (CVE-2011-1023)\n\n - fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data\n structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to\n cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes\n epoll_create and epoll_ctl system calls. 
(CVE-2011-1082)\n\n - The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly\n handle an invalid number of partitions, which might allow local users to obtain potentially sensitive\n information from kernel heap memory via vectors related to partition-table parsing. (CVE-2011-1163)\n\n - net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not\n place the expected '\\0' character at the end of string data in the values of certain structure members,\n which allows local users to obtain potentially sensitive information from kernel memory by leveraging the\n CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting\n modprobe process. (CVE-2011-1170)\n\n - net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place\n the expected '\\0' character at the end of string data in the values of certain structure members, which\n allows local users to obtain potentially sensitive information from kernel memory by leveraging the\n CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting\n modprobe process. (CVE-2011-1171)\n\n - net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not\n place the expected '\\0' character at the end of string data in the values of certain structure members,\n which allows local users to obtain potentially sensitive information from kernel memory by leveraging the\n CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting\n modprobe process. 
(CVE-2011-1172)\n\n - Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux\n kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory\n corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.\n (CVE-2011-1494)\n\n - drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and\n (2) offset values before performing memory copy operations, which might allow local users to gain\n privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel\n memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.\n (CVE-2011-1495)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2016.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1495\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.17.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.17.el5debug\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-100.28.17.el5', '2.6.32-100.28.17.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2016');\n }\n }\n __rpm_report = 'Running KSplice level of ' 
+ trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-100.28.17.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-100.28.17.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-100.28.17.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-100.28.17.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-100.28.17.el5', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-100.28.17.el5', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-100.28.17.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-100.28.17.el5-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-100.28.17.el5debug-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-100.28.17.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-100.28.17.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-100.28.17.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-100.28.17.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-100.28.17.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-100.28.17.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-100.28.17.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = 
package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:28:23", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n - A flaw was found in the Linux kernel's Ethernet bonding driver implementation. Packets coming in from network devices that have more than 16 receive queues to a bonding interface could cause a denial of service.\n (CVE-2011-1581, Important)\n\n - A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). 
(CVE-2010-4251, Moderate)\n\n - A flaw was found in the Linux kernel's Transparent Huge Pages (THP) implementation. A local, unprivileged user could abuse this flaw to allow the user stack (when it is using huge pages) to grow and cause a denial of service. (CVE-2011-0999, Moderate)\n\n - A flaw was found in the transmit methods (xmit) for the loopback and InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS) implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1023, Moderate)\n\n - A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1082, Moderate)\n\n - An inconsistency was found in the interaction between the Linux kernel's method for allocating NFSv4 (Network File System version 4) ACL data and the method by which it was freed. This inconsistency led to a kernel panic which could be triggered by a local, unprivileged user with files owned by said user on an NFSv4 share.\n (CVE-2011-1090, Moderate)\n\n - A missing validation check was found in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially crafted partitions. (CVE-2011-1010, Low)\n\n - A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables.\n (CVE-2011-1163, Low)\n\n - Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\nThis update also fixes several hundred bugs and adds enhancements.\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4251", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1023", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1581"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110519_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61041);\n script_version(\"1.7\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4251\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1023\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1581\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - Multiple buffer overflow flaws were found in the Linux\n kernel's Management Module Support for Message Passing\n Technology (MPT) based controllers. A local,\n unprivileged user could use these flaws to cause a\n denial of service, an information leak, or escalate\n their privileges. (CVE-2011-1494, CVE-2011-1495,\n Important)\n\n - A flaw was found in the Linux kernel's Ethernet bonding\n driver implementation. Packets coming in from network\n devices that have more than 16 receive queues to a\n bonding interface could cause a denial of service.\n (CVE-2011-1581, Important)\n\n - A flaw was found in the Linux kernel's networking\n subsystem. If the number of packets received exceeded\n the receiver's buffer limit, they were queued in a\n backlog, consuming memory, instead of being discarded. A\n remote attacker could abuse this flaw to cause a denial\n of service (out-of-memory condition). (CVE-2010-4251,\n Moderate)\n\n - A flaw was found in the Linux kernel's Transparent Huge\n Pages (THP) implementation. 
A local, unprivileged user\n could abuse this flaw to allow the user stack (when it\n is using huge pages) to grow and cause a denial of\n service. (CVE-2011-0999, Moderate)\n\n - A flaw was found in the transmit methods (xmit) for the\n loopback and InfiniBand transports in the Linux kernel's\n Reliable Datagram Sockets (RDS) implementation. A local,\n unprivileged user could use this flaw to cause a denial\n of service. (CVE-2011-1023, Moderate)\n\n - A flaw in the Linux kernel's Event Poll (epoll)\n implementation could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-1082, Moderate)\n\n - An inconsistency was found in the interaction between\n the Linux kernel's method for allocating NFSv4 (Network\n File System version 4) ACL data and the method by which\n it was freed. This inconsistency led to a kernel panic\n which could be triggered by a local, unprivileged user\n with files owned by said user on an NFSv4 share.\n (CVE-2011-1090, Moderate)\n\n - A missing validation check was found in the Linux\n kernel's mac_partition() implementation, used for\n supporting file systems created on Mac OS operating\n systems. A local attacker could use this flaw to cause a\n denial of service by mounting a disk that contains\n specially crafted partitions. (CVE-2011-1010, Low)\n\n - A buffer overflow flaw in the DEC Alpha OSF partition\n implementation in the Linux kernel could allow a local\n attacker to cause an information leak by mounting a disk\n that contains specially crafted partition tables.\n (CVE-2011-1163, Low)\n\n - Missing validations of null-terminated string data\n structure elements in the do_replace(),\n compat_do_replace(), do_ipt_get_ctl(),\n do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could\n allow a local user who has the CAP_NET_ADMIN capability\n to cause an information leak. 
(CVE-2011-1170,\n CVE-2011-1171, CVE-2011-1172, Low)\n\nThis update also fixes several hundred bugs and adds enhancements.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=2604\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e61972e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.0.15.el6\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.0.15.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-17T14:12:09", "description": "Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update includes backported fixes for security issues. These issues, except for CVE-2011-1182, only affected users of Red Hat Enterprise Linux 6.0 Extended Update Support as they have already been addressed for users of Red Hat Enterprise Linux 6 in the 6.1 update, RHSA-2011:0542.\n\nSecurity fixes :\n\n* Buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers.\nA local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). 
(CVE-2010-4251, CVE-2010-4805, Moderate)\n\n* A flaw was found in the Linux kernel's Transparent Huge Pages (THP) implementation. A local, unprivileged user could abuse this flaw to allow the user stack (when it is using huge pages) to grow and cause a denial of service. (CVE-2011-0999, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* An inconsistency was found in the interaction between the Linux kernel's method for allocating NFSv4 (Network File System version 4) ACL data and the method by which it was freed. This inconsistency led to a kernel panic which could be triggered by a local, unprivileged user with files owned by said user on an NFSv4 share. (CVE-2011-1090, Moderate)\n\n* It was found that some structure padding and reserved fields in certain data structures in KVM (Kernel-based Virtual Machine) were not initialized properly before being copied to user-space. A privileged host user with access to '/dev/kvm' could use this flaw to leak kernel stack memory to user-space. (CVE-2010-3881, Low)\n\n* A missing validation check was found in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially crafted partitions. (CVE-2011-1010, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A missing validation check was found in the Linux kernel's signals implementation. A local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes.\nNote: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Vasiliy Kulikov for reporting CVE-2010-3881, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163; and Julien Tinnes of the Google Security Team for reporting CVE-2011-1182.\n\nThis update also fixes three bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:0883)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3881", "CVE-2010-4251", "CVE-2010-4805", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0883.NASL", "href": "https://www.tenable.com/plugins/nessus/63986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0883. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63986);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3881\", \"CVE-2010-4251\", \"CVE-2010-4805\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\");\n script_bugtraq_id(44666, 46442, 46492, 46630, 46637, 46766, 46878, 46919, 47003, 47185);\n script_xref(name:\"RHSA\", value:\"2011:0883\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:0883)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and three\nbugs are now available for Red Hat Enterprise Linux 6.0 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for security issues. 
These\nissues, except for CVE-2011-1182, only affected users of Red Hat\nEnterprise Linux 6.0 Extended Update Support as they have already been\naddressed for users of Red Hat Enterprise Linux 6 in the 6.1 update,\nRHSA-2011:0542.\n\nSecurity fixes :\n\n* Buffer overflow flaws were found in the Linux kernel's Management\nModule Support for Message Passing Technology (MPT) based controllers.\nA local, unprivileged user could use these flaws to cause a denial of\nservice, an information leak, or escalate their privileges.\n(CVE-2011-1494, CVE-2011-1495, Important)\n\n* A flaw was found in the Linux kernel's networking subsystem. If the\nnumber of packets received exceeded the receiver's buffer limit, they\nwere queued in a backlog, consuming memory, instead of being\ndiscarded. A remote attacker could abuse this flaw to cause a denial\nof service (out-of-memory condition). (CVE-2010-4251, CVE-2010-4805,\nModerate)\n\n* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)\nimplementation. A local, unprivileged user could abuse this flaw to\nallow the user stack (when it is using huge pages) to grow and cause a\ndenial of service. (CVE-2011-0999, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* An inconsistency was found in the interaction between the Linux\nkernel's method for allocating NFSv4 (Network File System version 4)\nACL data and the method by which it was freed. This inconsistency led\nto a kernel panic which could be triggered by a local, unprivileged\nuser with files owned by said user on an NFSv4 share. (CVE-2011-1090,\nModerate)\n\n* It was found that some structure padding and reserved fields in\ncertain data structures in KVM (Kernel-based Virtual Machine) were not\ninitialized properly before being copied to user-space. 
A privileged\nhost user with access to '/dev/kvm' could use this flaw to leak kernel\nstack memory to user-space. (CVE-2010-3881, Low)\n\n* A missing validation check was found in the Linux kernel's\nmac_partition() implementation, used for supporting file systems\ncreated on Mac OS operating systems. A local attacker could use this\nflaw to cause a denial of service by mounting a disk that contains\nspecially crafted partitions. (CVE-2011-1010, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\n* A missing validation check was found in the Linux kernel's signals\nimplementation. A local, unprivileged user could use this flaw to send\nsignals via the sigqueueinfo system call, with the si_code set to\nSI_TKILL and with spoofed process and user IDs, to other processes.\nNote: This flaw does not allow existing permission checks to be\nbypassed; signals can only be sent if your privileges allow you to\nalready do so. (CVE-2011-1182, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Vasiliy\nKulikov for reporting CVE-2010-3881, CVE-2011-1170, CVE-2011-1171, and\nCVE-2011-1172; Timo Warns for reporting CVE-2011-1010 and\nCVE-2011-1163; and Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182.\n\nThis update also fixes three bugs. 
Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3881.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-4251.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-4805.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-0999.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1082.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1495.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2011-0542.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-0883.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-71.31.1.el6\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"perf-2.6.32-71.31.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-17T14:19:37", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the first regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A flaw was found in the Linux kernel's Ethernet bonding driver implementation. Packets coming in from network devices that have more than 16 receive queues to a bonding interface could cause a denial of service. (CVE-2011-1581, Important)\n\n* A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). (CVE-2010-4251, Moderate)\n\n* A flaw was found in the Linux kernel's Transparent Huge Pages (THP) implementation. A local, unprivileged user could abuse this flaw to allow the user stack (when it is using huge pages) to grow and cause a denial of service. (CVE-2011-0999, Moderate)\n\n* A flaw was found in the transmit methods (xmit) for the loopback and InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS) implementation. A local, unprivileged user could use this flaw to cause a denial of service. 
(CVE-2011-1023, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* An inconsistency was found in the interaction between the Linux kernel's method for allocating NFSv4 (Network File System version 4) ACL data and the method by which it was freed. This inconsistency led to a kernel panic which could be triggered by a local, unprivileged user with files owned by said user on an NFSv4 share. (CVE-2011-1090, Moderate)\n\n* A missing validation check was found in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially crafted partitions. (CVE-2011-1010, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially crafted partition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy Kulikov for reporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172.\n\nThis update also fixes several hundred bugs and adds enhancements.\nRefer to the Red Hat Enterprise Linux 6.1 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.\n\nAll Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.1 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-05-20T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:0542)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3881", "CVE-2010-4251", "CVE-2010-4805", 
"CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1023", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1581"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-0542.NASL", "href": "https://www.tenable.com/plugins/nessus/54590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0542. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54590);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3881\", \"CVE-2010-4251\", \"CVE-2010-4805\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1023\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1581\");\n script_bugtraq_id(46442, 46492, 46630, 46637, 46676, 46766, 46878, 46919, 47185);\n script_xref(name:\"RHSA\", value:\"2011:0542\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:0542)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 6. This is the first regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* Multiple buffer overflow flaws were found in the Linux kernel's\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. 
A local, unprivileged user could use these flaws to cause\na denial of service, an information leak, or escalate their\nprivileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* A flaw was found in the Linux kernel's Ethernet bonding driver\nimplementation. Packets coming in from network devices that have more\nthan 16 receive queues to a bonding interface could cause a denial of\nservice. (CVE-2011-1581, Important)\n\n* A flaw was found in the Linux kernel's networking subsystem. If the\nnumber of packets received exceeded the receiver's buffer limit, they\nwere queued in a backlog, consuming memory, instead of being\ndiscarded. A remote attacker could abuse this flaw to cause a denial\nof service (out-of-memory condition). (CVE-2010-4251, Moderate)\n\n* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)\nimplementation. A local, unprivileged user could abuse this flaw to\nallow the user stack (when it is using huge pages) to grow and cause a\ndenial of service. (CVE-2011-0999, Moderate)\n\n* A flaw was found in the transmit methods (xmit) for the loopback and\nInfiniBand transports in the Linux kernel's Reliable Datagram Sockets\n(RDS) implementation. A local, unprivileged user could use this flaw\nto cause a denial of service. (CVE-2011-1023, Moderate)\n\n* A flaw in the Linux kernel's Event Poll (epoll) implementation could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2011-1082, Moderate)\n\n* An inconsistency was found in the interaction between the Linux\nkernel's method for allocating NFSv4 (Network File System version 4)\nACL data and the method by which it was freed. This inconsistency led\nto a kernel panic which could be triggered by a local, unprivileged\nuser with files owned by said user on an NFSv4 share. (CVE-2011-1090,\nModerate)\n\n* A missing validation check was found in the Linux kernel's\nmac_partition() implementation, used for supporting file systems\ncreated on Mac OS operating systems. 
A local attacker could use this\nflaw to cause a denial of service by mounting a disk that contains\nspecially crafted partitions. (CVE-2011-1010, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation\nin the Linux kernel could allow a local attacker to cause an\ninformation leak by mounting a disk that contains specially crafted\npartition tables. (CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure\nelements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),\ndo_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information\nleak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494\nand CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo\nWarns for reporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy\nKulikov for reporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172.\n\nThis update also fixes several hundred bugs and adds enhancements.\nRefer to the Red Hat Enterprise Linux 6.1 Release Notes for\ninformation on the most significant of these changes, and the\nTechnical Notes for further information, both linked to in the\nReferences.\n\nAll Red Hat Enterprise Linux 6 users are advised to install these\nupdated packages, which correct these issues, and fix the bugs and add\nthe enhancements noted in the Red Hat Enterprise Linux 6.1 Release\nNotes and Technical Notes. 
The system must be rebooted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1581\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?d2334068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0542\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-3881\", \"CVE-2010-4251\", \"CVE-2010-4805\", \"CVE-2011-0999\", \"CVE-2011-1010\", \"CVE-2011-1023\", \"CVE-2011-1082\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0542\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0542\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.0.15.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.0.15.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.0.15.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-18T14:25:06", "description": "Update to kernel 2.6.35.13 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.13\n\nPlus additional security fixes that will appear in 2.6.35.14\n\nNote that 
Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-05-10T00:00:00", "type": "nessus", "title": "Fedora 14 : kernel-2.6.35.13-91.fc14 (2011-6541)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1079", "CVE-2011-1478", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1745", "CVE-2011-1746"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-6541.NASL", "href": "https://www.tenable.com/plugins/nessus/53850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-6541.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53850);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1079\", \"CVE-2011-1478\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\");\n script_bugtraq_id(46616, 47056, 47185, 47534, 47535);\n script_xref(name:\"FEDORA\", value:\"2011-6541\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.13-91.fc14 (2011-6541)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.35.13 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.13\n\nPlus additional security fixes that will appear in 2.6.35.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32ba0551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=681260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=691270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=694021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698998\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-May/059860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0649555\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.13-91.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-16T14:35:22", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory.\n\n - CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack.\n Remote attackers can exploit a race condition to cause a denial of service (kernel panic).\n\n - CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem.\n Local users may obtain access to sensitive kernel memory.\n\n - CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR).\n\n - CVE-2011-1016 Marek Olsak discovered an issue in the driver for ATI/AMD Radeon video chips. 
Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the 'video' group.\n\n - CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory.\n\n - CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service (kernel Oops).\n\n - CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory.\n\n - CVE-2011-1090 Neil Horman discovered a memory leak in the setacl() call on NFSv4 filesystems. Local users can exploit this to cause a denial of service (Oops).\n\n - CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory.\n\n - CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition.\n\n - CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter ARP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.\n\n - CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.\n\n - CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IPv6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory.\n\n - CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. 
Local users can obtain access to sensitive kernel memory on systems that use this rare hardware.\n\n - CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges.\n\n - CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information.\n\n - CVE-2011-1476 Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debian's linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable.\n\n - CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debian's linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable.\n\n - CVE-2011-1478 Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in the Linux networking subsystem.\n If an interface has GRO enabled and is running in promiscuous mode, remote users can cause a denial of service (NULL pointer dereference) by sending packets on an unknown VLAN.\n\n - CVE-2011-1493 Dan Rosenberg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol. 
A remote user can cause a denial of service by providing specially crafted facilities fields.\n\n - CVE-2011-1494 Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges by specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root.\n\n - CVE-2011-1495 Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges and read arbitrary kernel memory by using specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root.\n\n - CVE-2011-1585 Jeff Layton reported an issue in the Common Internet File System (CIFS). Local users can bypass authentication requirements for shares that are already mounted by another user.\n\n - CVE-2011-1593 Robert Swiecki reported a signedness issue in the next_pidmap() function, which can be exploited by local users to cause a denial of service.\n\n - CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service.\n\n - CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the 'video' group.\n\n - CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory routines. 
On default Debian installations, this is exploitable only by users in the 'video' group.\n\n - CVE-2011-1748 Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits local users to cause a NULL pointer dereference, resulting in a denial of service.\n\n - CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing 'old ABI' binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call.\n\n - CVE-2011-1767 Alexey Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialization.\n\n - CVE-2011-1770 Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol (DCCP). Remote users can cause a denial of service or potentially obtain access to sensitive kernel memory.\n\n - CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table.\n\n - CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group.\n\nThis update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues. 
These additional changes are described in the package changelog.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-06-10T00:00:00", "type": "nessus", "title": "Debian DSA-2240-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3875", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1016", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1090", "CVE-2011-1160", "CVE-2011-1163", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1478", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-1759", "CVE-2011-1767", "CVE-2011-1770", "CVE-2011-1776", "CVE-2011-2022"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2240.NASL", "href": "https://www.tenable.com/plugins/nessus/55028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2240. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55028);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3875\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1016\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1090\", \"CVE-2011-1160\", \"CVE-2011-1163\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1476\", \"CVE-2011-1477\", \"CVE-2011-1478\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-1759\", \"CVE-2011-1767\", \"CVE-2011-1770\", \"CVE-2011-1776\", \"CVE-2011-2022\");\n script_bugtraq_id(44630, 46417, 46557, 46616, 46766, 46839, 46866, 46878, 46919, 46935, 46980, 47003, 47007, 47009, 47056, 47185, 47381, 47497, 47503, 47534, 47535, 47645, 47769, 47791, 47796, 47835, 47843, 47852);\n script_xref(name:\"DSA\", value:\"2240\");\n\n script_name(english:\"Debian DSA-2240-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2010-3875\n Vasiliy Kulikov discovered an issue in the Linux\n implementation of the Amateur Radio AX.25 Level 2\n protocol. Local users may obtain access to sensitive\n kernel memory.\n\n - CVE-2011-0695\n Jens Kuehnel reported an issue in the InfiniBand stack.\n Remote attackers can exploit a race condition to cause a\n denial of service (kernel panic).\n\n - CVE-2011-0711\n Dan Rosenberg reported an issue in the XFS filesystem.\n Local users may obtain access to sensitive kernel\n memory.\n\n - CVE-2011-0726\n Kees Cook reported an issue in the /proc/pid/stat\n implementation. Local users could learn the text\n location of a process, defeating protections provided by\n address space layout randomization (ASLR).\n\n - CVE-2011-1016\n Marek Olsak discovered an issue in the driver for\n ATI/AMD Radeon video chips. Local users could pass\n arbitrary values to video memory and the graphics\n translation table, resulting in denial of service or\n escalated privileges. On default Debian installations,\n this is exploitable only by members of the 'video'\n group.\n\n - CVE-2011-1078\n Vasiliy Kulikov discovered an issue in the Bluetooth\n subsystem. Local users can obtain access to sensitive\n kernel memory.\n\n - CVE-2011-1079\n Vasiliy Kulikov discovered an issue in the Bluetooth\n subsystem. Local users with the CAP_NET_ADMIN capability\n can cause a denial of service (kernel Oops).\n\n - CVE-2011-1080\n Vasiliy Kulikov discovered an issue in the Netfilter\n subsystem. Local users can obtain access to sensitive\n kernel memory.\n\n - CVE-2011-1090\n Neil Horman discovered a memory leak in the setacl()\n call on NFSv4 filesystems. Local users can exploit this\n to cause a denial of service (Oops).\n\n - CVE-2011-1160\n Peter Huewe reported an issue in the Linux kernel's\n support for TPM security chips. 
Local users with\n permission to open the device can gain access to\n sensitive kernel memory.\n\n - CVE-2011-1163\n Timo Warns reported an issue in the kernel support for\n Alpha OSF format disk partitions. Users with physical\n access can gain access to sensitive kernel memory by\n adding a storage device with a specially crafted OSF\n partition.\n\n - CVE-2011-1170\n Vasiliy Kulikov reported an issue in the Netfilter ARP\n table implementation. Local users with the CAP_NET_ADMIN\n capability can gain access to sensitive kernel memory.\n\n - CVE-2011-1171\n Vasiliy Kulikov reported an issue in the Netfilter IP\n table implementation. Local users with the CAP_NET_ADMIN\n capability can gain access to sensitive kernel memory.\n\n - CVE-2011-1172\n Vasiliy Kulikov reported an issue in the Netfilter IPv6\n table implementation. Local users with the CAP_NET_ADMIN\n capability can gain access to sensitive kernel memory.\n\n - CVE-2011-1173\n Vasiliy Kulikov reported an issue in the Acorn Econet\n protocol implementation. Local users can obtain access\n to sensitive kernel memory on systems that use this rare\n hardware.\n\n - CVE-2011-1180\n Dan Rosenberg reported a buffer overflow in the\n Information Access Service of the IrDA protocol, used\n for Infrared devices. Remote attackers within IR device\n range can cause a denial of service or possibly gain\n elevated privileges.\n\n - CVE-2011-1182\n Julien Tinnes reported an issue in the rt_sigqueueinfo\n interface. Local users can generate signals with\n falsified source pid and uid information.\n\n - CVE-2011-1476\n Dan Rosenberg reported issues in the Open Sound System\n MIDI interface that allow local users to cause a denial\n of service. This issue does not affect official Debian\n Linux image packages as they no longer provide support\n for OSS. 
However, custom kernels built from Debian's\n linux-source-2.6.32 may have enabled this configuration\n and would therefore be vulnerable.\n\n - CVE-2011-1477\n Dan Rosenberg reported issues in the Open Sound System\n driver for cards that include a Yamaha FM synthesizer\n chip. Local users can cause memory corruption resulting\n in a denial of service. This issue does not affect\n official Debian Linux image packages as they no longer\n provide support for OSS. However, custom kernels built\n from Debian's linux-source-2.6.32 may have enabled this\n configuration and would therefore be vulnerable.\n\n - CVE-2011-1478\n Ryan Sweat reported an issue in the Generic Receive\n Offload (GRO) support in the Linux networking subsystem.\n If an interface has GRO enabled and is running in\n promiscuous mode, remote users can cause a denial of\n service (NULL pointer dereference) by sending packets on\n an unknown VLAN.\n\n - CVE-2011-1493\n Dan Rosenburg reported two issues in the Linux\n implementation of the Amateur Radio X.25 PLP (Rose)\n protocol. A remote user can cause a denial of service by\n providing specially crafted facilities fields.\n\n - CVE-2011-1494\n Dan Rosenberg reported an issue in the /dev/mpt2ctl\n interface provided by the driver for LSI MPT Fusion SAS\n 2.0 controllers. Local users can obtain elevated\n privileges by specially crafted ioctl calls. On default\n Debian installations this is not exploitable as this\n interface is only accessible to root.\n\n - CVE-2011-1495\n Dan Rosenberg reported two additional issues in the\n /dev/mpt2ctl interface provided by the driver for LSI\n MPT Fusion SAS 2.0 controllers. Local users can obtain\n elevated privileges and read arbitrary kernel memory by\n using specially crafted ioctl calls. On default Debian\n installations this is not exploitable as this interface\n is only accessible to root.\n\n - CVE-2011-1585\n Jeff Layton reported an issue in the Common Internet\n File System (CIFS). 
Local users can bypass\n authentication requirements for shares that are already\n mounted by another user.\n\n - CVE-2011-1593\n Robert Swiecki reported a signedness issue in the\n next_pidmap() function, which can be exploited by local\n users to cause a denial of service.\n\n - CVE-2011-1598\n Dave Jones reported an issue in the Broadcast Manager\n Controller Area Network (CAN/BCM) protocol that may\n allow local users to cause a NULL pointer dereference,\n resulting in a denial of service.\n\n - CVE-2011-1745\n Vasiliy Kulikov reported an issue in the Linux support\n for AGP devices. Local users can obtain elevated\n privileges or cause a denial of service due to missing\n bounds checking in the AGPIOC_BIND ioctl. On default\n Debian installations, this is exploitable only by users\n in the 'video' group.\n\n - CVE-2011-1746\n Vasiliy Kulikov reported an issue in the Linux support\n for AGP devices. Local users can obtain elevated\n privileges or cause a denial of service due to missing\n bounds checking in the agp_allocate_memory and\n agp_create_user_memory routines. On default Debian\n installations, this is exploitable only by users in the\n 'video' group.\n\n - CVE-2011-1748\n Oliver Kartkopp reported an issue in the Controller Area\n Network (CAN) raw socket implementation which permits\n local users to cause a NULL pointer dereference,\n resulting in a denial of service.\n\n - CVE-2011-1759\n Dan Rosenberg reported an issue in the support for\n executing 'old ABI' binaries on ARM processors. Local\n users can obtain elevated privileges due to insufficient\n bounds checking in the semtimedop system call.\n\n - CVE-2011-1767\n Alexecy Dobriyan reported an issue in the GRE over IP\n implementation. Remote users can cause a denial of\n service by sending a packet during module\n initialization.\n\n - CVE-2011-1770\n Dan Rosenberg reported an issue in the Datagram\n Congestion Control Protocol (DCCP). 
Remote users can\n cause a denial of service or potentially obtain access\n to sensitive kernel memory.\n\n - CVE-2011-1776\n Timo Warns reported an issue in the Linux implementation\n for GUID partitions. Users with physical access can gain\n access to sensitive kernel memory by adding a storage\n device with a specially crafted corrupted invalid\n partition table.\n\n - CVE-2011-2022\n Vasiliy Kulikov reported an issue in the Linux support\n for AGP devices. Local users can obtain elevated\n privileges or cause a denial of service due to missing\n bounds checking in the AGPIOC_UNBIND ioctl. On default\n Debian installations, this is exploitable only by users\n in the video group.\n\nThis update also includes changes queued for the next point release of\nDebian 6.0, which also fix various non-security issues. These\nadditional changes are described in the package changelog.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2011-1090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2022\"\n );\n # https://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?761a8c38\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2240\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.32-34squeeze1. 
Updates for issues impacting the\noldstable distribution (lenny) will be available soon.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+34squeeze1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", 
reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", 
reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-34squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-34squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:35:26", "description": "It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. 
(CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by amateur radio. 
A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root.\n(CVE-2011-4913)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-08-20T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : linux vulnerabilities (USN-1189-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1493", "CVE-2011-2492", "CVE-2011-4913", "CVE-2011-4914"], "modified": "2019-10-16T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1189-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1189-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55922);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/16 10:34:22\");\n\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1493\", \"CVE-2011-2492\", \"CVE-2011-4913\", \"CVE-2011-4914\");\n script_bugtraq_id(46567, 46616, 46793, 46866, 46935, 46980, 48441);\n script_xref(name:\"USN\", value:\"1189-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : linux vulnerabilities (USN-1189-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the /proc filesystem did not correctly handle\npermission changes when programs executed. 
A local attacker could hold\nopen files to examine details about programs running with higher\nprivileges, potentially increasing the chances of exploiting\nadditional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not\ncorrectly handle certain fields. If a system was running with Rose\nenabled, a remote attacker could send specially crafted traffic to\ngain root privileges. (CVE-2011-1493)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. 
A local attacker could exploit this to read\nportions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used\nby amateur radio. A local user or a remote user on an X.25 network\ncould exploit these flaws to execute arbitrary code as root.\n(CVE-2011-4913)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP)\nlayer. A local user or a remote user on an X.25 network could exploit\nthese flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1189-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1493\", \"CVE-2011-2492\", \"CVE-2011-4913\", \"CVE-2011-4914\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1189-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-386\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-generic\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-lpia\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-lpiacompat\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-openvz\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-rt\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-server\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-virtual\", pkgver:\"2.6.24-29.93\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-xen\", pkgver:\"2.6.24-29.93\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T16:33:50", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :\n\n - COS kernel\n - cURL\n - python\n - rpm", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", 
"CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0001_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89105);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2010-0547\",\n \"CVE-2010-0787\",\n \"CVE-2010-1634\",\n \"CVE-2010-2059\",\n \"CVE-2010-2089\",\n \"CVE-2010-3493\",\n \"CVE-2010-4649\",\n \"CVE-2011-0695\",\n \"CVE-2011-0711\",\n \"CVE-2011-0726\",\n \"CVE-2011-1015\",\n \"CVE-2011-1044\",\n \"CVE-2011-1078\",\n \"CVE-2011-1079\",\n \"CVE-2011-1080\",\n \"CVE-2011-1093\",\n \"CVE-2011-1163\",\n \"CVE-2011-1166\",\n \"CVE-2011-1170\",\n \"CVE-2011-1171\",\n \"CVE-2011-1172\",\n \"CVE-2011-1182\",\n \"CVE-2011-1494\",\n \"CVE-2011-1495\",\n \"CVE-2011-1521\",\n \"CVE-2011-1573\",\n \"CVE-2011-1576\",\n \"CVE-2011-1577\",\n \"CVE-2011-1593\",\n \"CVE-2011-1678\",\n \"CVE-2011-1745\",\n \"CVE-2011-1746\",\n \"CVE-2011-1763\",\n \"CVE-2011-1776\",\n \"CVE-2011-1780\",\n \"CVE-2011-1936\",\n \"CVE-2011-2022\",\n \"CVE-2011-2192\",\n \"CVE-2011-2213\",\n \"CVE-2011-2482\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n 
\"CVE-2011-2517\",\n \"CVE-2011-2519\",\n \"CVE-2011-2522\",\n \"CVE-2011-2525\",\n \"CVE-2011-2689\",\n \"CVE-2011-2694\",\n \"CVE-2011-2901\",\n \"CVE-2011-3378\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 37992,\n 38326,\n 40370,\n 40863,\n 44533,\n 46073,\n 46417,\n 46488,\n 46541,\n 46616,\n 46793,\n 46839,\n 46878,\n 46919,\n 47003,\n 47024,\n 47308,\n 47343,\n 47497,\n 47534,\n 47535,\n 47791,\n 47796,\n 47843,\n 48048,\n 48058,\n 48333,\n 48441,\n 48538,\n 48641,\n 48677,\n 48899,\n 48901,\n 49141,\n 49370,\n 49373,\n 49375,\n 49408,\n 49939\n );\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)\");\n script_summary(english:\"Checks the remote ESX/ESXi host's version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\nlibraries :\n\n - COS kernel\n - cURL\n - python\n - rpm\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) 
(\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds\nfixes = make_array(\n \"ESX 4.0\", 660575,\n \"ESXi 4.0\", 660575,\n \"ESX 4.1\", 582267,\n \"ESXi 4.1\", 582267,\n \"ESXi 5.0\", 623860\n);\n\n# security-only fix builds\nsec_only_builds = make_array(\n \"ESXi 5.0\", 608089\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\nsec_fix = NULL;\nsec_fix = sec_only_builds[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix && build != sec_fix)\n{\n # if there is a security fix\n if (sec_fix)\n fix = fix + \" / \" + sec_fix;\n\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:19:39", "description": "a. 
ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.\n c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issue.\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n d. 
ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.\n e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.\n Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.\n f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.\n The Common Vulner