Lucene search
This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.SUSE_11_KERNEL-140513.NASLHistoryMay 16, 2014 - 12:00 a.m.
SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9233 / 9236 / 9237)
2014-05-1600:00:00
This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.
www.tenable.com
26
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the following severe security issues :
-
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798).
(CVE-2014-1737) -
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
(bnc#875798). (CVE-2014-1738) -
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the ‘LECHO & !OPOST’ case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690).
(CVE-2014-0196)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74033);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");
script_cve_id("CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/02");
script_name(english:"SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9233 / 9236 / 9237)");
script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 11 host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix
the following severe security issues :
- The raw_cmd_copyin function in drivers/block/floppy.c in
the Linux kernel through 3.14.3 does not properly handle
error conditions during processing of an FDRAWCMD ioctl
call, which allows local users to trigger kfree
operations and gain privileges by leveraging write
access to a /dev/fd device. (bnc#875798).
(CVE-2014-1737)
- The raw_cmd_copyout function in drivers/block/floppy.c
in the Linux kernel through 3.14.3 does not properly
restrict access to certain pointers during processing of
an FDRAWCMD ioctl call, which allows local users to
obtain sensitive information from kernel heap memory by
leveraging write access to a /dev/fd device.
(bnc#875798). (CVE-2014-1738)
- The n_tty_write function in drivers/tty/n_tty.c in the
Linux kernel through 3.14.3 does not properly manage tty
driver access in the 'LECHO & !OPOST' case, which
allows local users to cause a denial of service (memory
corruption and system crash) or gain privileges by
triggering a race condition involving read and write
operations with long strings. (bnc#875690).
(CVE-2014-0196)");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=875690");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=875798");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0196.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1737.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1738.html");
script_set_attribute(attribute:"solution", value:
"Apply SAT patch number 9233 / 9236 / 9237 as appropriate.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"patch_publication_date", value:"2014/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-source-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-syms-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-source-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-syms-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.29.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default-base |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default-devel |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default-extra |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default-man |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-ec2 |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-ec2-base |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-pae |
| novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-pae-base |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738
support.novell.com/security/cve/CVE-2014-0196.html
support.novell.com/security/cve/CVE-2014-1737.html
support.novell.com/security/cve/CVE-2014-1738.html
bugzilla.novell.com/show_bug.cgi?id=875690
bugzilla.novell.com/show_bug.cgi?id=875798
Related
openvas
openvas
Debian: Security Advisory (DSA-2928-1)
2014-05-13 00:00:00
Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)
2014-05-14 00:00:00
SUSE: Security Advisory for Linux (SUSE-SU-2014:0667-1)
2015-10-13 00:00:00
debian
debian
[SECURITY] [DSA 2928-1] linux-2.6 security update
2014-05-14 18:21:22
[SECURITY] [DSA 2926-1] linux security update
2014-05-12 15:59:46
suse
suse
Security update for Linux kernel (important)
2014-05-20 19:04:37
Security update for Linux Kernel (important)
2014-05-16 03:04:20
kernel: security and bugfix update (important)
2014-05-19 14:04:14
osv
osv
linux-2.6 - security update
2014-05-14 00:00:00
linux - security update
2014-05-12 00:00:00
nessus
nessus
Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak
2014-05-16 00:00:00
Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3041)
2014-06-23 00:00:00
RHEL 5 : kernel (RHSA-2014:0801)
2014-11-17 00:00:00
mageia
mageia
Updated kernel-linus packages fix multiple vulnerabilities
2014-05-19 22:30:17
Updated kernel-rt packages fix multiple vulnerabilities
2014-05-19 22:30:17
Updated kernel packages fix multiple vulnerabilities
2014-05-18 03:41:52
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2014-06-20 00:00:00
kernel security and bug fix update
2014-06-11 00:00:00
kernel security and bug fix update
2014-06-11 00:00:00
redhat
redhat
(RHSA-2014:0801) Important: kernel security update
2014-06-26 00:00:00
(RHSA-2014:0800) Important: kernel security update
2014-06-26 00:00:00
(RHSA-2014:0772) Important: kernel security and bug fix update
2014-06-19 00:00:00
securityvulns
securityvulns
[oss-security] Linux kernel floppy ioctl kernel code execution
2014-05-10 00:00:00
[SECURITY] [DSA 2926-1] linux security update
2014-05-15 00:00:00
[USN-2196-1] Linux kernel vulnerability
2014-05-07 00:00:00
centos
centos
kernel security update
2014-06-11 11:01:17
kernel, perf, python security update
2014-06-20 10:10:41
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-05-26 00:00:00
Linux kernel (EC2) vulnerabilities
2014-05-26 00:00:00
Linux kernel vulnerability
2014-05-06 00:00:00
altlinux
altlinux
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:26
Information Disclosure
2019-05-02 05:03:25
Null Pointer Dereference
2019-05-02 05:03:26
zdt
zdt
Linux Kernel 3.15-rc4 PTY Race Condition Exploit
2014-05-14 00:00:00
attackerkb
attackerkb
CVE-2014-0196
2014-05-07 00:00:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
android
android
pty race
2014-04-30 00:00:00
canvas
canvas
Immunity Canvas: LINUX_TTY_RACE
2014-05-07 10:55:00
exploitpack
exploitpack
f5
f5
SOL15319 - Linux kernel TTY vulnerability CVE-2014-0196
2014-06-05 00:00:00
K15319 : Linux kernel TTY vulnerability CVE-2014-0196
2014-12-04 00:00:00
prion
prion
Design/Logic Flaw
2014-05-11 21:55:00
Input validation
2014-05-11 21:55:00
Race condition
2014-05-07 10:55:00
seebug
seebug
amazon
amazon
Medium: kernel
2014-05-13 16:40:00
Medium: kernel
2014-08-21 11:03:00
threatpost
threatpost
Five Year Old Security Vulnerability Patched in Linux Kernel
2014-05-15 11:05:41
cisa_kev
cisa_kev
Linux Kernel Race Condition Vulnerability
2023-05-12 00:00:00
exploitdb
exploitdb
Related for SUSE_11_KERNEL-140513.NASL