USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10.
Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350)
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)
Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405)
It was discovered that an integer overflow existed in the InfiniBand RDMA over Ethernet (RXE) transport implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-8636)
Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)
CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)
It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)
Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfilter subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9755)
Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)
It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618)
Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671)
It was discovered that the freelist-randomization in the SLAB memory allocator allowed duplicate freelist entries. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5546)
It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)
It was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5550)
It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551)
Murray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576)
Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)
Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)
Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)
Di Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)
Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)
Andrey Konovalov discovered that the LLC subsystem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345)
It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)
Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347)
Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)
Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)
It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)
It was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273)
Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)
It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616)
Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)
Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)
Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)
Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)
It was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924)
It was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion). (CVE-2017-8925)
Jann Horn discovered that bpf in the Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Title: Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3361-1)
Plugin: UBUNTU_USN-3361-1.NASL (Nessus)
Published: 2017-07-24
Modified: 2023-10-23
Source: https://www.tenable.com/plugins/nessus/101929
Advisory: https://ubuntu.com/security/notices/USN-3361-1
Reporter: Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
"ORACLELINUX_ELSA-2017-1308-1.NASL", "ORACLELINUX_ELSA-2017-1308.NASL", "ORACLELINUX_ELSA-2017-13081.NASL", "ORACLELINUX_ELSA-2017-1372.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-16151.NASL", "ORACLELINUX_ELSA-2017-1723.NASL", "ORACLELINUX_ELSA-2017-1842-1.NASL", "ORACLELINUX_ELSA-2017-1842.NASL", "ORACLELINUX_ELSA-2017-18421.NASL", "ORACLELINUX_ELSA-2017-2412.NASL", "ORACLELINUX_ELSA-2017-3514.NASL", "ORACLELINUX_ELSA-2017-3533.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "ORACLELINUX_ELSA-2017-3565.NASL", "ORACLELINUX_ELSA-2017-3566.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLELINUX_ELSA-2017-3589.NASL", "ORACLELINUX_ELSA-2017-3590.NASL", "ORACLELINUX_ELSA-2017-3591.NASL", "ORACLELINUX_ELSA-2017-3595.NASL", "ORACLELINUX_ELSA-2017-3597.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2017-3609.NASL", "ORACLELINUX_ELSA-2017-3635.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3640.NASL", "ORACLELINUX_ELSA-2017-3651.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLELINUX_ELSA-2017-3658.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLELINUX_ELSA-2018-0151.NASL", "ORACLELINUX_ELSA-2018-1319.NASL", "ORACLELINUX_ELSA-2018-1854.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2018-4172.NASL", "ORACLELINUX_ELSA-2020-5671.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5881.NASL", "ORACLELINUX_ELSA-2020-5936.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLEVM_OVMSA-2017-0039.NASL", "ORACLEVM_OVMSA-2017-0056.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0058.NASL", "ORACLEVM_OVMSA-2017-0062.NASL", "ORACLEVM_OVMSA-2017-0104.NASL", 
"ORACLEVM_OVMSA-2017-0105.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "ORACLEVM_OVMSA-2017-0119.NASL", "ORACLEVM_OVMSA-2017-0120.NASL", "ORACLEVM_OVMSA-2017-0121.NASL", "ORACLEVM_OVMSA-2017-0126.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2017-0145.NASL", "ORACLEVM_OVMSA-2017-0167.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLEVM_OVMSA-2017-0169.NASL", "ORACLEVM_OVMSA-2017-0172.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "PHOTONOS_PHSA-2016-0012.NASL", "PHOTONOS_PHSA-2016-0012_LINUX.NASL", "PHOTONOS_PHSA-2017-0008.NASL", "PHOTONOS_PHSA-2017-0011.NASL", "PHOTONOS_PHSA-2017-0011_LINUX.NASL", "PHOTONOS_PHSA-2017-0014.NASL", "PHOTONOS_PHSA-2017-0014_LINUX.NASL", "PHOTONOS_PHSA-2017-0015.NASL", "PHOTONOS_PHSA-2017-0015_LINUX.NASL", "PHOTONOS_PHSA-2017-0016.NASL", "PHOTONOS_PHSA-2017-0016_LINUX.NASL", "REDHAT-RHSA-2017-0386.NASL", "REDHAT-RHSA-2017-0387.NASL", "REDHAT-RHSA-2017-0817.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-1297.NASL", "REDHAT-RHSA-2017-1298.NASL", "REDHAT-RHSA-2017-1308.NASL", "REDHAT-RHSA-2017-1372.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "REDHAT-RHSA-2017-1647.NASL", "REDHAT-RHSA-2017-1715.NASL", "REDHAT-RHSA-2017-1723.NASL", "REDHAT-RHSA-2017-1766.NASL", "REDHAT-RHSA-2017-1798.NASL", "REDHAT-RHSA-2017-1842.NASL", "REDHAT-RHSA-2017-2077.NASL", "REDHAT-RHSA-2017-2412.NASL", "REDHAT-RHSA-2017-2428.NASL", "REDHAT-RHSA-2017-2429.NASL", "REDHAT-RHSA-2017-2669.NASL", "REDHAT-RHSA-2017-2732.NASL", "REDHAT-RHSA-2018-0151.NASL", "REDHAT-RHSA-2018-0152.NASL", "REDHAT-RHSA-2018-0181.NASL", "REDHAT-RHSA-2018-1319.NASL", "REDHAT-RHSA-2018-1854.NASL", "SL_20170302_KERNEL_ON_SL7_X.NASL", 
"SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170525_KERNEL_ON_SL7_X.NASL", "SL_20170531_KERNEL_ON_SL6_X.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "SL_20170711_KERNEL_ON_SL6_X.NASL", "SL_20170801_KERNEL_ON_SL7_X.NASL", "SL_20180125_KERNEL_ON_SL7_X.NASL", "SL_20180508_KERNEL_ON_SL6_X.NASL", "SL_20180619_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2017-0181-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2017-0437-1.NASL", "SUSE_SU-2017-0464-1.NASL", "SUSE_SU-2017-0471-1.NASL", "SUSE_SU-2017-0494-1.NASL", "SUSE_SU-2017-0517-1.NASL", "SUSE_SU-2017-0575-1.NASL", "SUSE_SU-2017-0769-1.NASL", "SUSE_SU-2017-0770-1.NASL", "SUSE_SU-2017-0771-1.NASL", "SUSE_SU-2017-0772-1.NASL", "SUSE_SU-2017-0780-1.NASL", "SUSE_SU-2017-1183-1.NASL", "SUSE_SU-2017-1247-1.NASL", "SUSE_SU-2017-1281-1.NASL", "SUSE_SU-2017-1301-1.NASL", "SUSE_SU-2017-1360-1.NASL", "SUSE_SU-2017-1853-1.NASL", "SUSE_SU-2017-2049-1.NASL", "SUSE_SU-2017-2060-1.NASL", "SUSE_SU-2017-2061-1.NASL", "SUSE_SU-2017-2072-1.NASL", "SUSE_SU-2017-2073-1.NASL", "SUSE_SU-2017-2088-1.NASL", "SUSE_SU-2017-2091-1.NASL", "SUSE_SU-2017-2092-1.NASL", "SUSE_SU-2017-2093-1.NASL", "SUSE_SU-2017-2095-1.NASL", "SUSE_SU-2017-2096-1.NASL", "SUSE_SU-2017-2098-1.NASL", "SUSE_SU-2017-2099-1.NASL", "SUSE_SU-2017-2100-1.NASL", "SUSE_SU-2017-2102-1.NASL", "SUSE_SU-2017-2103-1.NASL", "SUSE_SU-2017-2389-1.NASL", "SUSE_SU-2017-2475-1.NASL", "SUSE_SU-2017-2476-1.NASL", "SUSE_SU-2017-2497-1.NASL", "SUSE_SU-2017-2525-1.NASL", "SUSE_SU-2017-2775-1.NASL", "SUSE_SU-2017-2847-1.NASL", "SUSE_SU-2017-2869-1.NASL", "SUSE_SU-2017-2908-1.NASL", "SUSE_SU-2017-2920-1.NASL", "SUSE_SU-2017-3103-1.NASL", "SUSE_SU-2017-3117-1.NASL", "SUSE_SU-2017-3118-1.NASL", "SUSE_SU-2017-3119-1.NASL", "SUSE_SU-2017-3123-1.NASL", "SUSE_SU-2017-3124-1.NASL", "SUSE_SU-2017-3125-1.NASL", "SUSE_SU-2017-3127-1.NASL", "SUSE_SU-2017-3130-1.NASL", "SUSE_SU-2017-3131-1.NASL", "SUSE_SU-2017-3132-1.NASL", "SUSE_SU-2017-3145-1.NASL", "SUSE_SU-2017-3146-1.NASL", "SUSE_SU-2017-3147-1.NASL", 
"SUSE_SU-2017-3148-1.NASL", "SUSE_SU-2017-3149-1.NASL", "SUSE_SU-2017-3150-1.NASL", "SUSE_SU-2017-3151-1.NASL", "SUSE_SU-2017-3152-1.NASL", "SUSE_SU-2017-3153-1.NASL", "SUSE_SU-2017-3154-1.NASL", "SUSE_SU-2017-3157-1.NASL", "SUSE_SU-2017-3158-1.NASL", "SUSE_SU-2017-3160-1.NASL", "SUSE_SU-2017-3315-1.NASL", "SUSE_SU-2018-0011-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2018-0562-1.NASL", "SUSE_SU-2018-0664-1.NASL", "SUSE_SU-2018-2332-1.NASL", "SUSE_SU-2018-2366-1.NASL", "SUSE_SU-2018-3746-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3234-1.NASL", "UBUNTU_USN-3234-2.NASL", "UBUNTU_USN-3265-1.NASL", "UBUNTU_USN-3265-2.NASL", "UBUNTU_USN-3291-1.NASL", "UBUNTU_USN-3291-2.NASL", "UBUNTU_USN-3291-3.NASL", "UBUNTU_USN-3293-1.NASL", "UBUNTU_USN-3312-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3324-1.NASL", "UBUNTU_USN-3325-1.NASL", "UBUNTU_USN-3345-1.NASL", "UBUNTU_USN-3359-1.NASL", "UBUNTU_USN-3360-1.NASL", "UBUNTU_USN-3364-1.NASL", "UBUNTU_USN-3364-2.NASL", "UBUNTU_USN-3364-3.NASL", "UBUNTU_USN-3381-1.NASL", "UBUNTU_USN-3406-1.NASL", "UBUNTU_USN-3422-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3754-1.NASL", "UBUNTU_USN-4904-1.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "VIRTUOZZO_VZA-2017-029.NASL", "VIRTUOZZO_VZA-2017-031.NASL", "VIRTUOZZO_VZA-2017-032.NASL", "VIRTUOZZO_VZA-2017-037.NASL", "VIRTUOZZO_VZA-2017-038.NASL", "VIRTUOZZO_VZA-2017-042.NASL", "VIRTUOZZO_VZA-2018-041.NASL", "VIRTUOZZO_VZLSA-2017-0386.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "VIRTUOZZO_VZLSA-2017-1308.NASL", "VIRTUOZZO_VZLSA-2017-1372.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703791", "OPENVAS:1361412562310703804", "OPENVAS:1361412562310703886", "OPENVAS:1361412562310703945", "OPENVAS:1361412562310810159", "OPENVAS:1361412562310810170", "OPENVAS:1361412562310843061", 
"OPENVAS:1361412562310843062", "OPENVAS:1361412562310843095", "OPENVAS:1361412562310843096", "OPENVAS:1361412562310843139", "OPENVAS:1361412562310843140", "OPENVAS:1361412562310843164", "OPENVAS:1361412562310843165", "OPENVAS:1361412562310843175", "OPENVAS:1361412562310843176", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843199", "OPENVAS:1361412562310843200", "OPENVAS:1361412562310843210", "OPENVAS:1361412562310843220", "OPENVAS:1361412562310843234", "OPENVAS:1361412562310843247", "OPENVAS:1361412562310843249", "OPENVAS:1361412562310843250", "OPENVAS:1361412562310843252", "OPENVAS:1361412562310843254", "OPENVAS:1361412562310843255", "OPENVAS:1361412562310843273", "OPENVAS:1361412562310843297", "OPENVAS:1361412562310843312", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843628", "OPENVAS:1361412562310851449", "OPENVAS:1361412562310851489", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310851513", "OPENVAS:1361412562310851515", "OPENVAS:1361412562310851516", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310851530", "OPENVAS:1361412562310851544", "OPENVAS:1361412562310851548", "OPENVAS:1361412562310851566", "OPENVAS:1361412562310851632", "OPENVAS:1361412562310851638", "OPENVAS:1361412562310871768", "OPENVAS:1361412562310871796", "OPENVAS:1361412562310871823", "OPENVAS:1361412562310871827", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310871842", "OPENVAS:1361412562310871855", "OPENVAS:1361412562310872105", "OPENVAS:1361412562310872111", "OPENVAS:1361412562310872115", "OPENVAS:1361412562310872292", "OPENVAS:1361412562310872293", "OPENVAS:1361412562310872320", "OPENVAS:1361412562310872326", "OPENVAS:1361412562310872344", "OPENVAS:1361412562310872370", "OPENVAS:1361412562310872371", "OPENVAS:1361412562310872383", "OPENVAS:1361412562310872391", "OPENVAS:1361412562310872392", "OPENVAS:1361412562310872432", "OPENVAS:1361412562310872433", "OPENVAS:1361412562310872473", "OPENVAS:1361412562310872476", "OPENVAS:1361412562310872547", 
"OPENVAS:1361412562310872548", "OPENVAS:1361412562310872568", "OPENVAS:1361412562310872569", "OPENVAS:1361412562310872575", "OPENVAS:1361412562310872578", "OPENVAS:1361412562310872626", "OPENVAS:1361412562310872634", "OPENVAS:1361412562310872640", "OPENVAS:1361412562310872655", "OPENVAS:1361412562310872656", "OPENVAS:1361412562310882673", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310882725", "OPENVAS:1361412562310882728", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310882752", "OPENVAS:1361412562310882836", "OPENVAS:1361412562310882875", "OPENVAS:1361412562310890833", "OPENVAS:1361412562310890849", "OPENVAS:1361412562310890922", "OPENVAS:1361412562310891099", "OPENVAS:1361412562311220171056", "OPENVAS:1361412562311220171057", "OPENVAS:1361412562311220171071", "OPENVAS:1361412562311220171072", "OPENVAS:1361412562311220171122", "OPENVAS:1361412562311220171123", "OPENVAS:1361412562311220171159", "OPENVAS:1361412562311220171271", "OPENVAS:1361412562311220191062", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191471", "OPENVAS:1361412562311220191472", "OPENVAS:1361412562311220191476", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191486", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191496", "OPENVAS:1361412562311220191502", "OPENVAS:1361412562311220191503", "OPENVAS:1361412562311220191504", "OPENVAS:1361412562311220191506", "OPENVAS:1361412562311220191508", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191517", "OPENVAS:1361412562311220191518", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191521", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191524", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191530", "OPENVAS:1361412562311220191532", "OPENVAS:1361412562311220191533", "OPENVAS:1361412562311220191536", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192353", 
"OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201269", "OPENVAS:703791", "OPENVAS:703804", "OPENVAS:703886"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0386", "ELSA-2017-0386-1", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1308", "ELSA-2017-1308-1", "ELSA-2017-1372", "ELSA-2017-1615", "ELSA-2017-1615-1", "ELSA-2017-1723", "ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-2412", "ELSA-2017-2801", "ELSA-2017-3514", "ELSA-2017-3533", "ELSA-2017-3534", "ELSA-2017-3535", "ELSA-2017-3539", "ELSA-2017-3565", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3576", "ELSA-2017-3589", "ELSA-2017-3590", "ELSA-2017-3591", "ELSA-2017-3595", "ELSA-2017-3597", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3609", "ELSA-2017-3635", "ELSA-2017-3636", "ELSA-2017-3640", "ELSA-2017-3651", "ELSA-2017-3657", "ELSA-2017-3658", "ELSA-2017-3659", "ELSA-2018-0151", "ELSA-2018-1319", "ELSA-2018-1854", "ELSA-2018-4021", "ELSA-2018-4071", "ELSA-2018-4161", "ELSA-2018-4164", "ELSA-2018-4172", "ELSA-2019-4702", "ELSA-2019-4732", "ELSA-2020-5671", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2020-5936", "ELSA-2022-9852", "ELSA-2022-9969"]}, {"type": "osv", "idList": ["OSV:DLA-1099-1", "OSV:DLA-1200-1", "OSV:DLA-772-1", "OSV:DLA-833-1", "OSV:DLA-849-1", "OSV:DLA-922-1", "OSV:DLA-993-1", "OSV:DSA-3791-1", "OSV:DSA-3804-1", "OSV:DSA-3886-1", "OSV:DSA-3886-2", "OSV:DSA-3945-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142871", "PACKETSTORM:142872"]}, {"type": "photon", "idList": ["PHSA-2016-0012", "PHSA-2017-0011", "PHSA-2017-0014", "PHSA-2017-0015", "PHSA-2017-0026", "PHSA-2017-0035", "PHSA-2017-0038", "PHSA-2017-0040", "PHSA-2017-0091", "PHSA-2018-0031", "PHSA-2019-0122", "PHSA-2019-0178"]}, {"type": "prion", "idList": ["PRION:CVE-2015-1350", "PRION:CVE-2016-10208", "PRION:CVE-2016-8405", "PRION:CVE-2016-8636", "PRION:CVE-2016-9083", "PRION:CVE-2016-9084", 
"PRION:CVE-2016-9191", "PRION:CVE-2016-9604", "PRION:CVE-2016-9755", "PRION:CVE-2017-15649", "PRION:CVE-2017-2583", "PRION:CVE-2017-2584", "PRION:CVE-2017-2596", "PRION:CVE-2017-2618", "PRION:CVE-2017-2671", "PRION:CVE-2017-5546", "PRION:CVE-2017-5549", "PRION:CVE-2017-5550", "PRION:CVE-2017-5551", "PRION:CVE-2017-5576", "PRION:CVE-2017-5669", "PRION:CVE-2017-5897", "PRION:CVE-2017-5970", "PRION:CVE-2017-6001", "PRION:CVE-2017-6214", "PRION:CVE-2017-6345", "PRION:CVE-2017-6346", "PRION:CVE-2017-6347", "PRION:CVE-2017-6348", "PRION:CVE-2017-7187", "PRION:CVE-2017-7261", "PRION:CVE-2017-7273", "PRION:CVE-2017-7472", "PRION:CVE-2017-7616", "PRION:CVE-2017-7618", "PRION:CVE-2017-7645", "PRION:CVE-2017-7889", "PRION:CVE-2017-7895", "PRION:CVE-2017-8924", "PRION:CVE-2017-8925", "PRION:CVE-2017-9150"]}, {"type": "redhat", "idList": ["RHSA-2017:0386", "RHSA-2017:0387", "RHSA-2017:0817", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0933", "RHSA-2017:1297", "RHSA-2017:1298", "RHSA-2017:1308", "RHSA-2017:1372", "RHSA-2017:1615", "RHSA-2017:1616", "RHSA-2017:1647", "RHSA-2017:1715", "RHSA-2017:1723", "RHSA-2017:1766", "RHSA-2017:1798", "RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2412", "RHSA-2017:2428", "RHSA-2017:2429", "RHSA-2017:2472", "RHSA-2017:2669", "RHSA-2017:2732", "RHSA-2018:0151", "RHSA-2018:0152", "RHSA-2018:0181", "RHSA-2018:1319", "RHSA-2018:1854"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10208", "RH:CVE-2016-8405", "RH:CVE-2016-8636", "RH:CVE-2016-9191", "RH:CVE-2016-9604", "RH:CVE-2016-9755", "RH:CVE-2017-2583", "RH:CVE-2017-2584", "RH:CVE-2017-2596", "RH:CVE-2017-2618", "RH:CVE-2017-2671", "RH:CVE-2017-5546", "RH:CVE-2017-5549", "RH:CVE-2017-5550", "RH:CVE-2017-5551", "RH:CVE-2017-5576", "RH:CVE-2017-5669", "RH:CVE-2017-5897", "RH:CVE-2017-5970", "RH:CVE-2017-6001", "RH:CVE-2017-6214", "RH:CVE-2017-6345", "RH:CVE-2017-6346", "RH:CVE-2017-6347", "RH:CVE-2017-6348", "RH:CVE-2017-7187", "RH:CVE-2017-7261", "RH:CVE-2017-7273", "RH:CVE-2017-7472", 
"RH:CVE-2017-7616", "RH:CVE-2017-7618", "RH:CVE-2017-7645", "RH:CVE-2017-7889", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9150"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3050-1", "OPENSUSE-SU-2016:3058-1", "OPENSUSE-SU-2017:0456-1", "OPENSUSE-SU-2017:0458-1", "OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:0906-1", "OPENSUSE-SU-2017:0907-1", "OPENSUSE-SU-2017:1140-1", "OPENSUSE-SU-2017:1215-1", "OPENSUSE-SU-2017:1513-1", "OPENSUSE-SU-2017:2846-1", "OPENSUSE-SU-2017:2905-1", "SUSE-SU-2017:0181-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0407-1", "SUSE-SU-2017:0437-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0494-1", "SUSE-SU-2017:0517-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:0759-1", "SUSE-SU-2017:0760-1", "SUSE-SU-2017:0762-1", "SUSE-SU-2017:0763-1", "SUSE-SU-2017:0764-1", "SUSE-SU-2017:0766-1", "SUSE-SU-2017:0767-1", "SUSE-SU-2017:0768-1", "SUSE-SU-2017:0769-1", "SUSE-SU-2017:0770-1", "SUSE-SU-2017:0771-1", "SUSE-SU-2017:0772-1", "SUSE-SU-2017:0773-1", "SUSE-SU-2017:0774-1", "SUSE-SU-2017:0775-1", "SUSE-SU-2017:0776-1", "SUSE-SU-2017:0777-1", "SUSE-SU-2017:0778-1", "SUSE-SU-2017:0779-1", "SUSE-SU-2017:0780-1", "SUSE-SU-2017:0781-1", "SUSE-SU-2017:0786-1", "SUSE-SU-2017:1102-1", "SUSE-SU-2017:1183-1", "SUSE-SU-2017:1247-1", "SUSE-SU-2017:1281-1", "SUSE-SU-2017:1301-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1853-1", "SUSE-SU-2017:1990-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2046-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2064-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2066-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2070-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2091-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2098-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2102-1", "SUSE-SU-2017:2103-1", "SUSE-SU-2017:2342-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2475-1", "SUSE-SU-2017:2476-1", "SUSE-SU-2017:2497-1", 
"SUSE-SU-2017:2525-1", "SUSE-SU-2017:2775-1", "SUSE-SU-2017:2847-1", "SUSE-SU-2017:2869-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2017:3072-1", "SUSE-SU-2017:3074-1", "SUSE-SU-2017:3076-1", "SUSE-SU-2017:3103-1", "SUSE-SU-2017:3116-1", "SUSE-SU-2017:3117-1", "SUSE-SU-2017:3118-1", "SUSE-SU-2017:3119-1", "SUSE-SU-2017:3120-1", "SUSE-SU-2017:3121-1", "SUSE-SU-2017:3122-1", "SUSE-SU-2017:3123-1", "SUSE-SU-2017:3124-1", "SUSE-SU-2017:3125-1", "SUSE-SU-2017:3126-1", "SUSE-SU-2017:3127-1", "SUSE-SU-2017:3128-1", "SUSE-SU-2017:3129-1", "SUSE-SU-2017:3130-1", "SUSE-SU-2017:3131-1", "SUSE-SU-2017:3132-1", "SUSE-SU-2017:3134-1", "SUSE-SU-2017:3136-1", "SUSE-SU-2017:3139-1", "SUSE-SU-2017:3145-1", "SUSE-SU-2017:3146-1", "SUSE-SU-2017:3147-1", "SUSE-SU-2017:3148-1", "SUSE-SU-2017:3149-1", "SUSE-SU-2017:3150-1", "SUSE-SU-2017:3151-1", "SUSE-SU-2017:3152-1", "SUSE-SU-2017:3153-1", "SUSE-SU-2017:3154-1", "SUSE-SU-2017:3156-1", "SUSE-SU-2017:3157-1", "SUSE-SU-2017:3158-1", "SUSE-SU-2017:3159-1", "SUSE-SU-2017:3160-1", "SUSE-SU-2017:3267-1", "SUSE-SU-2017:3315-1", "SUSE-SU-2018:0011-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0562-1", "SUSE-SU-2018:0664-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "ubuntu", "idList": ["USN-3208-1", "USN-3208-2", "USN-3234-1", "USN-3234-2", "USN-3265-1", "USN-3265-2", "USN-3291-1", "USN-3291-2", "USN-3291-3", "USN-3293-1", "USN-3312-1", "USN-3312-2", "USN-3314-1", "USN-3345-1", "USN-3359-1", "USN-3360-1", "USN-3360-2", "USN-3361-1", "USN-3364-1", "USN-3364-2", "USN-3364-3", "USN-3381-1", "USN-3381-2", "USN-3406-1", "USN-3406-2", "USN-3422-1", "USN-3422-2", "USN-3583-1", "USN-3583-2", "USN-3754-1", "USN-4904-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1350", "UB:CVE-2016-10208", "UB:CVE-2016-6786", "UB:CVE-2016-8405", "UB:CVE-2016-8636", "UB:CVE-2016-9083", "UB:CVE-2016-9084", "UB:CVE-2016-9191", "UB:CVE-2016-9604", "UB:CVE-2016-9755", "UB:CVE-2017-15649", "UB:CVE-2017-2583", 
"UB:CVE-2017-2584", "UB:CVE-2017-2596", "UB:CVE-2017-2618", "UB:CVE-2017-2671", "UB:CVE-2017-5546", "UB:CVE-2017-5549", "UB:CVE-2017-5550", "UB:CVE-2017-5551", "UB:CVE-2017-5576", "UB:CVE-2017-5669", "UB:CVE-2017-5897", "UB:CVE-2017-5970", "UB:CVE-2017-6001", "UB:CVE-2017-6214", "UB:CVE-2017-6345", "UB:CVE-2017-6346", "UB:CVE-2017-6347", "UB:CVE-2017-6348", "UB:CVE-2017-7187", "UB:CVE-2017-7261", "UB:CVE-2017-7273", "UB:CVE-2017-7472", "UB:CVE-2017-7616", "UB:CVE-2017-7618", "UB:CVE-2017-7645", "UB:CVE-2017-7889", "UB:CVE-2017-7895", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9150"]}, {"type": "veracode", "idList": ["VERACODE:12423", "VERACODE:12427", "VERACODE:12506", "VERACODE:17719", "VERACODE:17861", "VERACODE:18129", "VERACODE:18131", "VERACODE:18219", "VERACODE:18220", "VERACODE:18237", "VERACODE:18240", "VERACODE:18241", "VERACODE:18243", "VERACODE:18245", "VERACODE:18246", "VERACODE:18248", "VERACODE:18250", "VERACODE:18251", "VERACODE:18890"]}, {"type": "virtuozzo", "idList": ["VZA-2017-004", "VZA-2017-010", "VZA-2017-024", "VZA-2017-025", "VZA-2017-029", "VZA-2017-030", "VZA-2017-031", "VZA-2017-032", "VZA-2017-036", "VZA-2017-037", "VZA-2017-038", "VZA-2017-042", "VZA-2018-040", "VZA-2018-041"]}, {"type": "zdt", "idList": ["1337DAY-ID-27913", "1337DAY-ID-27914"]}]}, "score": {"value": 8.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828"]}, {"type": "androidsecurity", "idList": ["ANDROID:2017-09-01"]}, {"type": "archlinux", "idList": ["ASA-201701-32", "ASA-201701-35"]}, {"type": "centos", "idList": ["CESA-2017:0933", "CESA-2017:1372", "CESA-2017:1615", "CESA-2017:1723"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:FC25CD097476B12ED115E08FD50F00D3"]}, {"type": "cve", "idList": ["CVE-2015-1350", "CVE-2016-10208", 
"CVE-2017-2583", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-5546", "CVE-2017-5549", "CVE-2017-5550", "CVE-2017-5576", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7889", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-3945-1:532A6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1350", "DEBIANCVE:CVE-2016-10208", "DEBIANCVE:CVE-2016-8405", "DEBIANCVE:CVE-2016-8636", "DEBIANCVE:CVE-2016-9083", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9191", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2016-9755", "DEBIANCVE:CVE-2017-2583", "DEBIANCVE:CVE-2017-2584", "DEBIANCVE:CVE-2017-2596", "DEBIANCVE:CVE-2017-2618", "DEBIANCVE:CVE-2017-2671", "DEBIANCVE:CVE-2017-5546", "DEBIANCVE:CVE-2017-5549", "DEBIANCVE:CVE-2017-5550", "DEBIANCVE:CVE-2017-5551", "DEBIANCVE:CVE-2017-5576", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5897", "DEBIANCVE:CVE-2017-5970", "DEBIANCVE:CVE-2017-6001", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6345", "DEBIANCVE:CVE-2017-6346", "DEBIANCVE:CVE-2017-6347", "DEBIANCVE:CVE-2017-6348", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7261", "DEBIANCVE:CVE-2017-7273", "DEBIANCVE:CVE-2017-7472", "DEBIANCVE:CVE-2017-7616", "DEBIANCVE:CVE-2017-7618", "DEBIANCVE:CVE-2017-7645", "DEBIANCVE:CVE-2017-7889", "DEBIANCVE:CVE-2017-7895", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2017-8925", "DEBIANCVE:CVE-2017-9150"]}, {"type": "exploitdb", "idList": ["EDB-ID:42136"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8A56E1C4D18EC6E5D9443B5BD5864C74"]}, {"type": "f5", "idList": ["F5:K11023978", "F5:K31209433", 
"F5:K63771715", "F5:K81211720"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:0DC87601457E", "FEDORA:25B9E61491E0", "FEDORA:2AD3261A18E6", "FEDORA:2CC39660F53B", "FEDORA:3D3EF633571E", "FEDORA:4BDD56194B95", "FEDORA:4E39C608F49D", "FEDORA:50F586057156", "FEDORA:553DD615C92C", "FEDORA:56CBF60C3443", "FEDORA:5931760652B6", "FEDORA:5E6FC604AF75", "FEDORA:65FAD61713B3", "FEDORA:76A6A60C79DB", "FEDORA:79A0B6175384", "FEDORA:804CC6092211", "FEDORA:8CDBE6067306", "FEDORA:A5F35607D661", "FEDORA:B872461491E6", "FEDORA:BE101604CBF2", "FEDORA:C44336087E4E", "FEDORA:C8F1260321CA", "FEDORA:D6CE3608F49C", "FEDORA:D953C601BFE1", "FEDORA:E736B60877BC", "FEDORA:EEB386177DBB"]}, {"type": "ibm", "idList": ["475B1D5AA0EDB6A4A0012EA2C2D64B9388A6ACC5779414E8E1A98AC9B641F6AF", "6B8D264C112CFCDDCE94E39A330DF7082557BFFF177349A0F825B791060643AF"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2017-5669/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2016-9604/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2017-5669/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787550"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-811.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-1372.NASL", "CENTOS_RHSA-2017-1615.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DLA-993.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "DEBIAN_DSA-3886.NASL", "FEDORA_2016-96D276367E.NASL", "FEDORA_2017-0054C7B1F0.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-392B319BB5.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-472052EBE5.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-6CC158C193.NASL", "FEDORA_2017-787BC0D5B4.NASL", "FEDORA_2017-81FBD592D4.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-AD67543FC5.NASL", "FEDORA_2017-D875AE8299.NASL", "FEDORA_2017-FB89CA752A.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-666.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", 
"ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-1372.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-3565.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLEVM_OVMSA-2017-0104.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-1372.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "REDHAT-RHSA-2017-1647.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170531_KERNEL_ON_SL6_X.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2017-0517-1.NASL", "SUSE_SU-2017-0769-1.NASL", "SUSE_SU-2017-0770-1.NASL", "SUSE_SU-2017-0771-1.NASL", "SUSE_SU-2017-0772-1.NASL", "SUSE_SU-2017-0780-1.NASL", "SUSE_SU-2017-1281-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3234-1.NASL", "UBUNTU_USN-3234-2.NASL", "UBUNTU_USN-3291-1.NASL", "UBUNTU_USN-3291-2.NASL", "UBUNTU_USN-3291-3.NASL", "UBUNTU_USN-3293-1.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3324-1.NASL", "UBUNTU_USN-3325-1.NASL", "UBUNTU_USN-3345-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-4904-1.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-037.NASL", "VIRTUOZZO_VZA-2017-038.NASL", "VIRTUOZZO_VZA-2017-042.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843461", "OPENVAS:1361412562310872105", "OPENVAS:1361412562310872111", "OPENVAS:1361412562310872115", "OPENVAS:1361412562310891099"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1372", "ELSA-2017-1615", "ELSA-2017-1615-1", "ELSA-2017-2801", "ELSA-2017-3565", "ELSA-2017-3576", "ELSA-2017-3589", "ELSA-2017-3591"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142871", "PACKETSTORM:142872"]}, {"type": "photon", "idList": ["PHSA-2017-0014", "PHSA-2017-0026", "PHSA-2017-0035", "PHSA-2017-0038", "PHSA-2017-0040"]}, {"type": "redhat", 
"idList": ["RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:1615", "RHSA-2017:1616", "RHSA-2017:1647"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10208", "RH:CVE-2016-8405", "RH:CVE-2016-8636", "RH:CVE-2016-9191", "RH:CVE-2016-9604", "RH:CVE-2016-9755", "RH:CVE-2017-2583", "RH:CVE-2017-2584", "RH:CVE-2017-2596", "RH:CVE-2017-2618", "RH:CVE-2017-2671", "RH:CVE-2017-5546", "RH:CVE-2017-5549", "RH:CVE-2017-5550", "RH:CVE-2017-5576", "RH:CVE-2017-5669", "RH:CVE-2017-5897", "RH:CVE-2017-5970", "RH:CVE-2017-6001", "RH:CVE-2017-6214", "RH:CVE-2017-6345", "RH:CVE-2017-6346", "RH:CVE-2017-6347", "RH:CVE-2017-6348", "RH:CVE-2017-7187", "RH:CVE-2017-7261", "RH:CVE-2017-7273", "RH:CVE-2017-7472", "RH:CVE-2017-7616", "RH:CVE-2017-7618", "RH:CVE-2017-7645", "RH:CVE-2017-7889", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9150"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:1513-1", "SUSE-SU-2017:0517-1", "SUSE-SU-2017:0759-1", "SUSE-SU-2017:0760-1", "SUSE-SU-2017:0762-1", "SUSE-SU-2017:0763-1", "SUSE-SU-2017:0764-1", "SUSE-SU-2017:0766-1", "SUSE-SU-2017:0767-1", "SUSE-SU-2017:0768-1", "SUSE-SU-2017:0769-1", "SUSE-SU-2017:0770-1", "SUSE-SU-2017:0771-1", "SUSE-SU-2017:0772-1", "SUSE-SU-2017:0773-1", "SUSE-SU-2017:0774-1", "SUSE-SU-2017:0775-1", "SUSE-SU-2017:0776-1", "SUSE-SU-2017:0777-1", "SUSE-SU-2017:0778-1", "SUSE-SU-2017:0779-1", "SUSE-SU-2017:0780-1", "SUSE-SU-2017:0781-1", "SUSE-SU-2017:0786-1", "SUSE-SU-2017:1281-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0562-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "ubuntu", "idList": ["USN-3208-2", "USN-3265-2", "USN-3291-1", "USN-3291-3", "USN-3314-1", "USN-3381-1", "USN-3381-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10208", "UB:CVE-2016-8405", "UB:CVE-2016-8636", "UB:CVE-2016-9191", "UB:CVE-2016-9604", "UB:CVE-2016-9755", "UB:CVE-2017-2583", "UB:CVE-2017-2584", "UB:CVE-2017-2596", "UB:CVE-2017-2618", "UB:CVE-2017-2671", "UB:CVE-2017-5546", 
"UB:CVE-2017-5549", "UB:CVE-2017-5550", "UB:CVE-2017-5576", "UB:CVE-2017-5669", "UB:CVE-2017-5897", "UB:CVE-2017-5970", "UB:CVE-2017-6001", "UB:CVE-2017-6214", "UB:CVE-2017-6345", "UB:CVE-2017-6346", "UB:CVE-2017-6347", "UB:CVE-2017-6348", "UB:CVE-2017-7187", "UB:CVE-2017-7261", "UB:CVE-2017-7273", "UB:CVE-2017-7472", "UB:CVE-2017-7616", "UB:CVE-2017-7618", "UB:CVE-2017-7645", "UB:CVE-2017-7889", "UB:CVE-2017-7895", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9150"]}, {"type": "virtuozzo", "idList": ["VZA-2017-004", "VZA-2017-010", "VZA-2017-029", "VZA-2017-030", "VZA-2017-031", "VZA-2017-032", "VZA-2017-036", "VZA-2017-037", "VZA-2017-038", "VZA-2017-042"]}, {"type": "zdt", "idList": ["1337DAY-ID-27913"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-1350", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2016-10208", "epss": 0.00062, "percentile": 0.24605, "modified": "2023-05-06"}, {"cve": "CVE-2016-8405", "epss": 0.00079, "percentile": 0.32435, "modified": "2023-05-06"}, {"cve": "CVE-2016-8636", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2016-9083", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2016-9084", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2016-9191", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2016-9604", "epss": 0.00049, "percentile": 0.15325, "modified": "2023-05-06"}, {"cve": "CVE-2016-9755", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-2583", "epss": 0.00181, "percentile": 0.53796, "modified": "2023-05-06"}, {"cve": "CVE-2017-2584", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-2596", "epss": 0.00062, "percentile": 0.24605, "modified": "2023-05-06"}, {"cve": "CVE-2017-2618", "epss": 0.00045, "percentile": 0.12286, "modified": "2023-05-06"}, {"cve": "CVE-2017-2671", "epss": 0.00045, 
"percentile": 0.12489, "modified": "2023-05-06"}, {"cve": "CVE-2017-5546", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5549", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5550", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5551", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5576", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5669", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5897", "epss": 0.02027, "percentile": 0.87207, "modified": "2023-05-06"}, {"cve": "CVE-2017-5970", "epss": 0.00663, "percentile": 0.76657, "modified": "2023-05-06"}, {"cve": "CVE-2017-6001", "epss": 0.00107, "percentile": 0.42111, "modified": "2023-05-06"}, {"cve": "CVE-2017-6214", "epss": 0.02496, "percentile": 0.88489, "modified": "2023-05-06"}, {"cve": "CVE-2017-6345", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-6346", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-6347", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-6348", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7187", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7261", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7273", "epss": 0.00062, "percentile": 0.24605, "modified": "2023-05-06"}, {"cve": "CVE-2017-7472", "epss": 0.00043, "percentile": 0.07492, "modified": "2023-05-06"}, {"cve": "CVE-2017-7616", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7618", "epss": 0.00186, "percentile": 0.54355, "modified": "2023-05-06"}, {"cve": "CVE-2017-7645", "epss": 0.13403, "percentile": 0.94714, "modified": "2023-05-06"}, {"cve": 
"CVE-2017-7889", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7895", "epss": 0.92105, "percentile": 0.98424, "modified": "2023-05-06"}, {"cve": "CVE-2017-8924", "epss": 0.00064, "percentile": 0.26028, "modified": "2023-05-06"}, {"cve": "CVE-2017-8925", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-9150", "epss": 0.00076, "percentile": 0.30875, "modified": "2023-05-06"}], "vulnersScore": 8.8}, "_state": {"dependencies": 1702069560, "score": 1702068971, "epss": 0}, "_internal": {"score_hash": "953d80032fe03e1e03f3cd85baa7bd9e"}, "pluginID": "101929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3361-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101929);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2015-1350\",\n \"CVE-2016-10208\",\n \"CVE-2016-8405\",\n \"CVE-2016-8636\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9191\",\n \"CVE-2016-9604\",\n \"CVE-2016-9755\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-2596\",\n \"CVE-2017-2618\",\n \"CVE-2017-2671\",\n \"CVE-2017-5546\",\n \"CVE-2017-5549\",\n \"CVE-2017-5550\",\n \"CVE-2017-5551\",\n \"CVE-2017-5576\",\n \"CVE-2017-5669\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-6001\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-6346\",\n \"CVE-2017-6347\",\n \"CVE-2017-6348\",\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7273\",\n \"CVE-2017-7472\",\n \"CVE-2017-7616\",\n \"CVE-2017-7618\",\n \"CVE-2017-7645\",\n \"CVE-2017-7889\",\n \"CVE-2017-7895\",\n \"CVE-2017-8924\",\n \"CVE-2017-8925\",\n 
\"CVE-2017-9150\"\n );\n script_xref(name:\"USN\", value:\"3361-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3361-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please\nnote that this update changes the Linux HWE kernel to the 4.10 based\nkernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from\nUbuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended\nprivilege attributes of files when performing a failed unprivileged\nsystem call. A local attacker could use this to cause a denial of\nservice. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux\nkernel did not properly validate meta block groups. An attacker with\nphysical access could use this to specially craft an ext4 image that\ncauses a denial of service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer\ndevices in the Linux kernel contained an integer overflow. A local\nattacker could use this to disclose sensitive information (kernel\nmemory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand\nRDMA over ethernet (RXE) transport implementation in the Linux kernel.\nA local attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. 
(CVE-2016-9083,\nCVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet\ndiscovered that the netfilter subsystem in the Linux kernel mishandled\nIPv6 packet reassembly. A local user could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM\nimplementation in the Linux kernel did not properly emulate\ninstructions on the SS segment register. A local attacker in a guest\nvirtual machine could use this to cause a denial of service (guest OS\ncrash) or possibly gain administrative privileges in the guest OS.\n(CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel improperly emulated certain instructions. A local attacker\ncould use this to obtain sensitive information (kernel memory).\n(CVE-2017-2584)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly\nhandle empty writes to /proc/pid/attr. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. 
A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory\nallocator allowed duplicate freelist entries. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver\nin the Linux kernel did not properly initialize memory related to\nlogging. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance()\nfunction in the Linux kernel. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit\nduring a setxattr call on a tmpfs filesystem. A local attacker could\nuse this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the\nVideoCore DRM driver of the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel\ndid not properly restrict mapping page zero. A local privileged\nattacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6\nGeneric Routing Encapsulation (GRE) tunneling implementation in the\nLinux kernel. An attacker could use this to possibly expose sensitive\ninformation. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. 
(CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem\nof the Linux kernel. A local attacker could use this to cause a denial\nof service or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel\ndid not properly set up a destructor in certain situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing\nchecksums. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA)\nsubsystem in the Linux kernel. A local attacker could use this to\ncause a denial of service (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the\nDirect Rendering Manager (DRM) driver for VMware devices in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). 
(CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux\nkernel did not properly validate reported information from the device.\nAn attacker with physical access could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the\nset_mempolicy and mbind compat syscalls in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport\nUSB Serial Converter device driver of the Linux kernel. 
An attacker\nwith physical access could use this to expose sensitive information\n(kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the\nLinux kernel did not properly perform reference counting. A local\nattacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3361-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.10.0': {\n 'generic': '4.10.0-27',\n 'generic-lpae': '4.10.0-27',\n 'lowlatency': '4.10.0-27'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3361-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2015-1350', 'CVE-2016-8405', 'CVE-2016-8636', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9191', 'CVE-2016-9604', 'CVE-2016-9755', 'CVE-2016-10208', 'CVE-2017-2583', 'CVE-2017-2584', 'CVE-2017-2596', 'CVE-2017-2618', 'CVE-2017-2671', 'CVE-2017-5546', 'CVE-2017-5549', 'CVE-2017-5550', 'CVE-2017-5551', 'CVE-2017-5576', 'CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-6001', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7187', 'CVE-2017-7261', 'CVE-2017-7273', 'CVE-2017-7472', 
'CVE-2017-7616', 'CVE-2017-7618', 'CVE-2017-7645', 'CVE-2017-7889', 'CVE-2017-7895', 'CVE-2017-8924', 'CVE-2017-8925', 'CVE-2017-9150');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3361-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "solution": "Update the affected kernel package.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2017-7895", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2017-07-21T00:00:00", "vulnerabilityPublicationDate": "2016-05-02T00:00:00", "exploitableWith": []}
{"ubuntu": [{"lastseen": "2023-12-08T18:08:12", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n\nUSN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please \nnote that this update changes the Linux HWE kernel to the 4.10 based \nkernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from \nUbuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended privilege \nattributes of files when performing a failed unprivileged system call. A \nlocal attacker could use this to cause a denial of service. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel \ndid not properly validate meta block groups. An attacker with physical \naccess could use this to specially craft an ext4 image that causes a denial \nof service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer devices in \nthe Linux kernel contained an integer overflow. A local attacker could use \nthis to disclose sensitive information (kernel memory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand RDMA \nover ethernet (RXE) transport implementation in the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO \nPCI driver for the Linux kernel. A local attacker with access to a vfio PCI \ndevice file could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. 
An unprivileged \nattacker could use this to cause a denial of service (system hang). \n(CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not prevent special internal keyrings from being joined \nby userspace keyrings. A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet \ndiscovered that the netfilter subsystem in the Linux kernel mishandled IPv6 \npacket reassembly. A local user could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated the VMXON instruction. A local attacker in a guest OS \ncould use this to cause a denial of service (memory consumption) in the \nhost OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly handle \nempty writes to /proc/pid/attr. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping \nsocket implementation in the Linux kernel. A local privileged attacker \ncould use this to cause a denial of service (system crash). 
(CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory \nallocator allowed duplicate freelist entries. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance() \nfunction in the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during \na setxattr call on a tmpfs filesystem. A local attacker could use this to \ngain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the \nVideoCore DRM driver of the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic \nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel. \nAn attacker could use this to possibly expose sensitive information. \n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem of \nthe Linux kernel. 
A local attacker could use this to cause a denial of \nservice or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did \nnot properly set up a destructor in certain situations. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made \nimproper assumptions about internal data layout when performing checksums. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMware devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did \nnot properly validate reported information from the device. 
An attacker \nwith physical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) \nimplementation in the Linux kernel did not properly handle a full request \nqueue. A local attacker could use this to cause a denial of service \n(infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly handle certain long \nRPC replies. A remote attacker could use this to cause a denial of service \n(system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). 
(CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). (CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output \nof the print_bpf_insn function. A local attacker could use this to obtain \nsensitive address information. (CVE-2017-9150)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-21T00:00:00", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1350", "CVE-2016-10208", "CVE-2016-8405", "CVE-2016-8636", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9755", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-5546", "CVE-2017-5549", "CVE-2017-5550", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", 
"CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150"], "modified": "2017-07-21T00:00:00", "id": "USN-3361-1", "href": "https://ubuntu.com/security/notices/USN-3361-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T18:20:08", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that the netfilter netlink implementation in the Linux \nkernel did not properly validate batch messages. A local attacker with the \nCAP_NET_ADMIN capability could use this to expose sensitive information or \ncause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() \nfunction in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code with \nadministrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not prevent special internal keyrings from being joined \nby userspace keyrings. A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nIt was discovered that a buffer overflow existed in the trace subsystem in \nthe Linux kernel. A privileged local attacker could use this to execute \narbitrary code. (CVE-2017-0605)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel \nimproperly emulated the VMXON instruction. 
A local attacker in a guest OS \ncould use this to cause a denial of service (memory consumption) in the \nhost OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping \nsocket implementation in the Linux kernel. A local privileged attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) \nimplementation in the Linux kernel did not properly handle a full request \nqueue. A local attacker could use this to cause a denial of service \n(infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly handle certain long \nRPC replies. A remote attacker could use this to cause a denial of service \n(system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. 
\n(CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the device \ndriver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO \nPCI driver for the Linux kernel. A local attacker with access to a vfio PCI \ndevice file could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-07T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9604", "CVE-2017-0605", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895"], "modified": "2017-06-07T00:00:00", "id": "USN-3312-2", "href": 
"https://ubuntu.com/security/notices/USN-3312-2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T18:20:09", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon Processors\n\nIt was discovered that the netfilter netlink implementation in the Linux \nkernel did not properly validate batch messages. A local attacker with the \nCAP_NET_ADMIN capability could use this to expose sensitive information or \ncause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() \nfunction in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code with \nadministrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not prevent special internal keyrings from being joined \nby userspace keyrings. A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nIt was discovered that a buffer overflow existed in the trace subsystem in \nthe Linux kernel. A privileged local attacker could use this to execute \narbitrary code. (CVE-2017-0605)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel \nimproperly emulated the VMXON instruction. A local attacker in a guest OS \ncould use this to cause a denial of service (memory consumption) in the \nhost OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping \nsocket implementation in the Linux kernel. A local privileged attacker \ncould use this to cause a denial of service (system crash). 
(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) \nimplementation in the Linux kernel did not properly handle a full request \nqueue. A local attacker could use this to cause a denial of service \n(infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly handle certain long \nRPC replies. A remote attacker could use this to cause a denial of service \n(system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the device \ndriver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO \nPCI driver for the Linux kernel. 
A local attacker with access to a vfio PCI \ndevice file could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9604", "CVE-2017-0605", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895"], "modified": "2017-06-07T00:00:00", "id": "USN-3312-1", "href": "https://ubuntu.com/security/notices/USN-3312-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T16:13:45", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-raspi2 \\- Linux kernel for 
Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon Processors\n\nIt was discovered that a use-after-free flaw existed in the filesystem \nencryption subsystem in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic \nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel. \nAn attacker could use this to possibly expose sensitive information. \n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did \nnot properly set up a destructor in certain situations. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. 
\n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made \nimproper assumptions about internal data layout when performing checksums. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (deadlock). (CVE-2017-6348)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-25T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7374"], "modified": "2017-04-25T00:00:00", "id": "USN-3265-1", "href": "https://ubuntu.com/security/notices/USN-3265-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:13:43", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## 
Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem \nencryption subsystem in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic \nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel. \nAn attacker could use this to possibly expose sensitive information. \n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did \nnot properly set up a destructor in certain situations. A local attacker \ncould use this to cause a denial of service (system crash). 
(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made \nimproper assumptions about internal data layout when performing checksums. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (deadlock). (CVE-2017-6348)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-25T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7374"], "modified": 
"2017-04-25T00:00:00", "id": "USN-3265-2", "href": "https://ubuntu.com/security/notices/USN-3265-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-20T17:56:48", "description": "## Releases\n\n * Ubuntu 16.10 \n\n## Packages\n\n * linux \\- Linux kernel\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nIt was discovered that the Linux kernel did not properly initialize a \nWake-on-Lan data structure. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2014-9900)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet \ndiscovered that the netfilter subsystem in the Linux kernel mishandled IPv6 \npacket reassembly. A local user could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2016-9755)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound \nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could \nuse this to expose sensitive information (kernel memory). \n(CVE-2017-1000380)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during \na setxattr call on a tmpfs filesystem. A local attacker could use this to \ngain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the \nVideoCore DRM driver of the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-5576)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the \nLinux kernel did not properly validate some ioctl arguments. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-7346)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. 
A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). (CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output \nof the print_bpf_insn function. A local attacker could use this to obtain \nsensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in \nthe Linux kernel did not properly initialize memory. A local attacker could \nuse this to expose sensitive information (kernel memory). 
(CVE-2017-9605)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-20T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9900", "CVE-2016-9755", "CVE-2017-1000380", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-7346", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150", "CVE-2017-9605"], "modified": "2017-07-20T00:00:00", "id": "USN-3359-1", "href": "https://ubuntu.com/security/notices/USN-3359-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-20T17:55:42", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-lts-trusty \\- Linux hardware enablement kernel from Trusty for Precise ESM\n\nUSN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nIt was discovered that a buffer overflow existed in the Bluetooth stack of \nthe Linux kernel when handling L2CAP configuration responses. 
A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the Linux \nkernel did not properly set permissions on aio memory mappings in some \nsituations. An attacker could use this to more easily exploit other \nvulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 \nIP Encapsulation implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem \nimplementation in the Linux kernel did not clear the setgid bit during a \nsetxattr call. A local attacker could use this to possibly elevate group \nprivileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the \nkey management subsystem in the Linux kernel did not properly allocate \nmemory in some situations. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO \nPCI driver for the Linux kernel. A local attacker with access to a vfio PCI \ndevice file could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nIt was discovered that an information leak existed in __get_user_asm_ex() \nin the Linux kernel. A local attacker could use this to expose sensitive \ninformation. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). 
\n(CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not prevent special internal keyrings from being joined \nby userspace keyrings. A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace subsystem \nof the Linux kernel. A local privileged attacker could use this to cause a \ndenial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly restrict searches for dead keys. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom FullMAC \nWLAN driver in the Linux kernel. 
A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7541)\n", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-18T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-8650", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9178", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9754", "CVE-2017-1000251", "CVE-2017-5970", "CVE-2017-6214", "CVE-2017-6346", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7472", "CVE-2017-7541"], "modified": "2017-09-18T00:00:00", "id": "USN-3422-2", "href": "https://ubuntu.com/security/notices/USN-3422-2", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-10-20T17:57:29", "description": "## Releases\n\n * Ubuntu 17.04 \n\n## Packages\n\n * linux \\- Linux kernel\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not 
prevent special internal keyrings from being joined \nby userspace keyrings. A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nIt was discovered that a buffer overflow existed in the trace subsystem in \nthe Linux kernel. A privileged local attacker could use this to execute \narbitrary code. (CVE-2017-0605)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping \nsocket implementation in the Linux kernel. A local privileged attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-2671)\n\nJongHwan Kim discovered an out-of-bounds read in the TCP stack of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or leak sensitive information. (CVE-2017-7277)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) \nimplementation in the Linux kernel did not properly handle a full request \nqueue. A local attacker could use this to cause a denial of service \n(infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly handle certain long \nRPC replies. A remote attacker could use this to cause a denial of service \n(system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. 
\n(CVE-2017-7889)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7895)\n\nFabian Gr\u00fcnbichler discovered that the Packet action API implementation in \nthe Linux kernel improperly handled uninitialized data. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-7979)\n\nIt was discovered that the Conexant USB driver in the Linux kernel \nimproperly handled memory in some configurations. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-8063)\n\nIt was discovered that the DVD USB framework in the Linux kernel improperly \nhandled memory in some configurations. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-8064)\n\nIt was discovered that the virtio console driver in the Linux kernel \nimproperly handled memory. A local attacker could use this to cause a \ndenial of service (system crash). 
(CVE-2017-8067)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9604", "CVE-2017-0605", "CVE-2017-2671", "CVE-2017-7277", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895", "CVE-2017-7979", "CVE-2017-8063", "CVE-2017-8064", "CVE-2017-8067"], "modified": "2017-06-07T00:00:00", "id": "USN-3314-1", "href": "https://ubuntu.com/security/notices/USN-3314-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T15:42:52", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nIt was discovered that a buffer overflow existed in the Bluetooth stack of \nthe Linux kernel when handling L2CAP configuration responses. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the Linux \nkernel did not properly set permissions on aio memory mappings in some \nsituations. An attacker could use this to more easily exploit other \nvulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 \nIP Encapsulation implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem \nimplementation in the Linux kernel did not clear the setgid bit during a \nsetxattr call. A local attacker could use this to possibly elevate group \nprivileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the \nkey management subsystem in the Linux kernel did not properly allocate \nmemory in some situations. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO \nPCI driver for the Linux kernel. A local attacker with access to a vfio PCI \ndevice file could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nIt was discovered that an information leak existed in __get_user_asm_ex() \nin the Linux kernel. A local attacker could use this to expose sensitive \ninformation. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n(CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not prevent special internal keyrings from being joined \nby userspace keyrings. 
A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace subsystem \nof the Linux kernel. A local privileged attacker could use this to cause a \ndenial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot properly restrict searches for dead keys. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom FullMAC \nWLAN driver in the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. 
\n(CVE-2017-7541)\n", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-18T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-8650", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9178", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9754", "CVE-2017-1000251", "CVE-2017-5970", "CVE-2017-6214", "CVE-2017-6346", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7472", "CVE-2017-7541"], "modified": "2017-09-18T00:00:00", "id": "USN-3422-1", "href": "https://ubuntu.com/security/notices/USN-3422-1", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-10-20T17:57:52", "description": "## Releases\n\n * Ubuntu 17.04 \n\n## Packages\n\n * linux \\- Linux kernel\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel \nimproperly emulated the VMXON instruction. A local attacker in a guest OS \ncould use this to cause a denial of service (memory consumption) in the \nhost OS. 
(CVE-2017-2596)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nJason Donenfeld discovered a heap overflow in the MACsec module in the \nLinux kernel. An attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7477)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). 
(CVE-2017-7616)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-17T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2596", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7477", "CVE-2017-7616"], "modified": "2017-05-17T00:00:00", "id": "USN-3293-1", "href": "https://ubuntu.com/security/notices/USN-3293-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T16:11:50", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. 
A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). (CVE-2017-7616)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-17T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7187", 
"CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7616"], "modified": "2017-05-17T00:00:00", "id": "USN-3291-3", "href": "https://ubuntu.com/security/notices/USN-3291-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T18:23:53", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n(CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n(CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). 
(CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. (CVE-2017-6074)\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-9191", "CVE-2016-9588", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5549", "CVE-2017-6074"], "modified": "2017-02-22T00:00:00", "id": "USN-3208-2", "href": "https://ubuntu.com/security/notices/USN-3208-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T18:23:55", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * 
linux-snapdragon \\- Linux kernel for Snapdragon Processors\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n(CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n(CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. 
(CVE-2017-6074)\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-9191", "CVE-2016-9588", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5549", "CVE-2017-6074"], "modified": "2017-02-22T00:00:00", "id": "USN-3208-1", "href": "https://ubuntu.com/security/notices/USN-3208-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T16:12:29", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). 
\n(CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). (CVE-2017-7616)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-17T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7616"], "modified": "2017-05-17T00:00:00", "id": "USN-3291-1", "href": "https://ubuntu.com/security/notices/USN-3291-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T16:11:46", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) 
systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon Processors\n\nUSN-3291-1 fixed vulnerabilities in the generic Linux kernel. \nThis update provides the corresponding updates for the Linux kernel \nbuilt for specific processors and cloud environments.\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the \nDirect Rendering Manager (DRM) driver for VMWare devices in the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2017-7294)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). 
(CVE-2017-7616)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-17T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7616"], "modified": "2017-05-17T00:00:00", "id": "USN-3291-2", "href": "https://ubuntu.com/security/notices/USN-3291-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T18:23:30", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon Processors\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel \ndid not properly validate meta block groups. An attacker with physical \naccess could use this to specially craft an ext4 image that causes a denial \nof service (system crash). 
(CVE-2016-10208)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during \na setxattr call on a tmpfs filesystem. A local attacker could use this to \ngain elevated group privileges. (CVE-2017-5551)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2017-03-15T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10208", "CVE-2017-5551"], "modified": "2017-03-15T00:00:00", "id": "USN-3234-1", "href": "https://ubuntu.com/security/notices/USN-3234-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-08T18:23:25", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel \ndid not properly validate meta block groups. 
An attacker with physical \naccess could use this to specially craft an ext4 image that causes a denial \nof service (system crash). (CVE-2016-10208)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during \na setxattr call on a tmpfs filesystem. A local attacker could use this to \ngain elevated group privileges. (CVE-2017-5551)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2017-03-15T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10208", "CVE-2017-5551"], "modified": "2017-03-15T00:00:00", "id": "USN-3234-2", "href": "https://ubuntu.com/security/notices/USN-3234-2", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-10-20T17:55:56", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-lts-trusty \\- Linux hardware enablement kernel from Trusty for Precise ESM\n\nUSN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. 
This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that an out of bounds read vulnerability existed in the \nassociative array implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or expose \nsensitive information. (CVE-2016-7914)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did \nnot properly validate reported information from the device. An attacker \nwith physical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-7273)\n\nA reference count bug was discovered in the Linux kernel ipx protocol \nstack. A local attacker could exploit this flaw to cause a denial of \nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nHuang Weller discovered that the ext4 filesystem implementation in the \nLinux kernel mishandled a needs-flushing-before-commit list. A local \nattacker could use this to expose sensitive information. (CVE-2017-7495)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). 
(CVE-2017-7616)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-29T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7914", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7487", "CVE-2017-7495", "CVE-2017-7616"], "modified": "2017-08-29T00:00:00", "id": "USN-3406-2", "href": "https://ubuntu.com/security/notices/USN-3406-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T15:44:49", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nIt was discovered that an out of bounds read vulnerability existed in the \nassociative array implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash) or expose \nsensitive information. (CVE-2016-7914)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). 
\n(CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did \nnot properly validate reported information from the device. An attacker \nwith physical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-7273)\n\nA reference count bug was discovered in the Linux kernel ipx protocol \nstack. A local attacker could exploit this flaw to cause a denial of \nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nHuang Weller discovered that the ext4 filesystem implementation in the \nLinux kernel mishandled a needs-flushing-before-commit list. A local \nattacker could use this to expose sensitive information. (CVE-2017-7495)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). (CVE-2017-7616)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-28T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7914", "CVE-2017-7261", 
"CVE-2017-7273", "CVE-2017-7487", "CVE-2017-7495", "CVE-2017-7616"], "modified": "2017-08-28T00:00:00", "id": "USN-3406-1", "href": "https://ubuntu.com/security/notices/USN-3406-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-hwe USN-3361-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2017-7472", "CVE-2017-5576", "CVE-2016-9604", "CVE-2016-9191", "CVE-2017-7261", "CVE-2017-7895", "CVE-2017-2584", "CVE-2016-9084", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-5970", "CVE-2017-7273", "CVE-2017-5551", "CVE-2017-2671", "CVE-2017-5550", "CVE-2017-6348", "CVE-2016-8636", "CVE-2017-2583", "CVE-2017-8924", "CVE-2017-6214", "CVE-2017-9150", "CVE-2015-1350", "CVE-2016-9083", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5546", "CVE-2016-8405", "CVE-2017-8925", "CVE-2017-6346", "CVE-2017-2596", "CVE-2017-7187", "CVE-2017-2618", "CVE-2017-6347", "CVE-2017-5897", "CVE-2017-5549", "CVE-2016-9755"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843249", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3361_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-hwe USN-3361-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843249\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-22 07:23:26 +0200 (Sat, 22 Jul 2017)\");\n script_cve_id(\"CVE-2015-1350\", \"CVE-2016-10208\", \"CVE-2016-8405\", \"CVE-2016-8636\",\n \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9191\", \"CVE-2016-9604\",\n \"CVE-2016-9755\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\",\n \"CVE-2017-2618\", \"CVE-2017-2671\", \"CVE-2017-5546\", \"CVE-2017-5549\",\n \"CVE-2017-5550\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-5669\",\n \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6214\",\n \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6347\", \"CVE-2017-6348\",\n \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7273\", \"CVE-2017-7472\",\n \"CVE-2017-7616\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\",\n \"CVE-2017-7895\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9150\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-hwe USN-3361-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-hwe'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3358-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 17.04. This update provides the corresponding updates\n for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu\n 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10\n based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu\n 16.10. Ben Harris discovered that the Linux kernel would strip extended\n privilege attributes of files when performing a failed unprivileged system call.\n A local attacker could use this to cause a denial of service. (CVE-2015-1350)\n Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did\n not properly validate meta block groups. An attacker with physical access could\n use this to specially craft an ext4 image that causes a denial of service\n (system crash). (CVE-2016-10208) Peter Pi discovered that the colormap handling\n for frame buffer devices in the Linux kernel contained an integer overflow. A\n local attacker could use this to disclose sensitive information (kernel memory).\n (CVE-2016-8405) It was discovered that an integer overflow existed in the\n InfiniBand RDMA over ethernet (RXE) transport implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2016-8636) Vlad Tsyrklevich\n discovered an integer overflow vulnerability in the VFIO PCI driver for the\n Linux kernel. A local attacker with access to a vfio PCI device file could use\n this to cause a denial of service (system crash) or possibly execute arbitrary\n code. (CVE-2016-9083, CVE-2016-9084) CAI Qian discovered that the sysctl\n implementation in the Linux kernel did not properly perform reference counting\n in some situations. 
An unprivileged attacker could use this to cause a denial of\n service (system hang). (CVE-2016-9191) It was discovered that the keyring\n implementation in the Linux kernel in some situations did not prevent special\n internal keyrings from being joined by userspace keyrings. A privileged local\n attacker could use this to bypass module verification. (CVE-2016-9604) Dmitry\n Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the\n netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A\n local user could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2016-9755) Andy Lutomirski and Willy\n Tarreau discovered that the KVM implementation in the Linux kernel did not\n properly emulate instructions on the SS segment register. A local attacker in a\n guest virtual machine could ... Description truncated, for more information\n please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-hwe on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3361-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3361-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-27-generic\", ver:\"4.10.0-27.30~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-27-generic-lpae\", ver:\"4.10.0-27.30~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-27-lowlatency\", ver:\"4.10.0-27.30~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.10.0.27.30\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.10.0.27.30\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.10.0.27.30\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:57:34", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787 \nIt was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. 
This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3\n\nCVE-2016-8405 \nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191 \nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nCVE-2017-2583 \nXiaohan Zhang reported that KVM for amd64 does not correctly\nemulate loading of a null stack selector. This can be used by a\nuser in a guest VM for denial of service (on an Intel CPU) or to\nescalate privileges within the VM (on an AMD CPU).\n\nCVE-2017-2584 \nDmitry Vyukov reported that KVM for x86 does not correctly emulate\nmemory access by the SGDT and SIDT instructions, which can result\nin a use-after-free and information leak.\n\nCVE-2017-2596 \nDmitry Vyukov reported that KVM leaks page references when\nemulating a VMON for a nested hypervisor. This can be used by a\nprivileged user in a guest VM for denial of service or possibly\nto gain privileges in the host.\n\nCVE-2017-2618 \nIt was discovered that an off-by-one in the handling of SELinux\nattributes in /proc/pid/attr could result in local denial of\nservice.\n\nCVE-2017-5549 \nIt was discovered that the KLSI KL5KUSB105 serial USB device\ndriver could log the contents of uninitialised kernel memory,\nresulting in an information leak.\n\nCVE-2017-5551 \nJan Kara found that changing the POSIX ACL of a file on tmpfs never\ncleared its set-group-ID flag, which should be done if the user\nchanging it is not a member of the group-owner. 
In some cases, this\nwould allow the user-owner of an executable to gain the privileges\nof the group-owner.\n\nCVE-2017-5897 \nAndrey Konovalov discovered an out-of-bounds read flaw in the\nip6gre_err function in the IPv6 networking code.\n\nCVE-2017-5970 \nAndrey Konovalov discovered a denial-of-service flaw in the IPv4\nnetworking code. This can be triggered by a local or remote\nattacker if a local UDP or raw socket has the IP_RETOPTS option\nenabled.\n\nCVE-2017-6001 \nDi Shen discovered a race condition between concurrent calls to\nthe performance events subsystem, allowing a local attacker to\nescalate privileges. This flaw exists because of an incomplete fix\nof CVE-2016-6786.\nThis can be mitigated by disabling unprivileged use of performance\nevents: sysctl kernel.perf_event_paranoid=3\n\nCVE-2017-6074 \nAndrey Konovalov discovered a use-after-free vulnerability in the\nDCCP networking code, which could result in denial of service or\nlocal privilege escalation. On systems that do not already have\nthe dccp module loaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-dccp.conf install dccp false", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3791-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6787", "CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2017-6001", "CVE-2017-5970", "CVE-2017-5551", "CVE-2017-2583", "CVE-2016-8405", "CVE-2017-2596", "CVE-2016-6786", "CVE-2017-2618", "CVE-2017-5897", "CVE-2017-5549"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703791", "href": "http://plugins.openvas.org/nasl.php?oid=703791", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3791.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3791-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH 
http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703791);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-8405\", \"CVE-2016-9191\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2618\", \"CVE-2017-5549\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6074\");\n script_name(\"Debian Security Advisory DSA 3791-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-02-22 00:00:00 +0100 (Wed, 22 Feb 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3791.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n 
script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3CVE-2016-8405 \nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191 \nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nCVE-2017-2583 \nXiaohan Zhang reported that KVM for amd64 does not correctly\nemulate loading of a null stack selector. 
This can be used by a\nuser in a guest VM for denial of service (on an Intel CPU) or to\nescalate privileges within the VM (on an AMD CPU).\n\nCVE-2017-2584 \nDmitry Vyukov reported that KVM for x86 does not correctly emulate\nmemory access by the SGDT and SIDT instructions, which can result\nin a use-after-free and information leak.\n\nCVE-2017-2596 \nDmitry Vyukov reported that KVM leaks page references when\nemulating a VMON for a nested hypervisor. This can be used by a\nprivileged user in a guest VM for denial of service or possibly\nto gain privileges in the host.\n\nCVE-2017-2618 \nIt was discovered that an off-by-one in the handling of SELinux\nattributes in /proc/pid/attr could result in local denial of\nservice.\n\nCVE-2017-5549 \nIt was discovered that the KLSI KL5KUSB105 serial USB device\ndriver could log the contents of uninitialised kernel memory,\nresulting in an information leak.\n\nCVE-2017-5551 \nJan Kara found that changing the POSIX ACL of a file on tmpfs never\ncleared its set-group-ID flag, which should be done if the user\nchanging it is not a member of the group-owner. In some cases, this\nwould allow the user-owner of an executable to gain the privileges\nof the group-owner.\n\nCVE-2017-5897 \nAndrey Konovalov discovered an out-of-bounds read flaw in the\nip6gre_err function in the IPv6 networking code.\n\nCVE-2017-5970 \nAndrey Konovalov discovered a denial-of-service flaw in the IPv4\nnetworking code. This can be triggered by a local or remote\nattacker if a local UDP or raw socket has the IP_RETOPTS option\nenabled.\n\nCVE-2017-6001Di Shen discovered a race condition between concurrent calls to\nthe performance events subsystem, allowing a local attacker to\nescalate privileges. 
This flaw exists because of an incomplete fix\nof CVE-2016-6786.\nThis can be mitigated by disabling unprivileged use of performance\nevents: sysctl kernel.perf_event_paranoid=3CVE-2017-6074Andrey Konovalov discovered a use-after-free vulnerability in the\nDCCP networking code, which could result in denial of service or\nlocal privilege escalation. On systems that do not already have\nthe dccp module loaded, this can be mitigated by disabling it:\necho>> /etc/modprobe.d/disable-dccp.conf install dccp false\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.39-1+deb8u1\", 
rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", 
ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", 
ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:34:36", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. 
This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3\n\nCVE-2016-8405\nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191\nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3791-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6787", "CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2017-6001", "CVE-2017-5970", "CVE-2017-5551", "CVE-2017-2583", "CVE-2016-8405", "CVE-2017-2596", "CVE-2016-6786", "CVE-2017-2618", "CVE-2017-5897", "CVE-2017-5549"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703791", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3791.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3791-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703791\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-8405\", \"CVE-2016-9191\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2618\", \"CVE-2017-5549\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6074\");\n script_name(\"Debian Security Advisory DSA 3791-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 00:00:00 +0100 (Wed, 22 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3791.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.\n\nWe recommend that you upgrade your linux packages.\");\n 
script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-6786 / CVE-2016-6787It was discovered that the performance events subsystem does not\nproperly manage locks during certain migrations, allowing a local\nattacker to escalate privileges. This can be mitigated by\ndisabling unprivileged use of performance events:\nsysctl kernel.perf_event_paranoid=3CVE-2016-8405\nPeter Pi of Trend Micro discovered that the frame buffer video\nsubsystem does not properly check bounds while copying color maps to\nuserspace, causing a heap buffer out-of-bounds read, leading to\ninformation disclosure.\n\nCVE-2016-9191\nCAI Qian discovered that reference counting is not properly handled\nwithin proc_sys_readdir in the sysctl implementation, allowing a\nlocal denial of service (system hang) or possibly privilege\nescalation.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", 
ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n 
report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", 
ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3265-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5970", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-7374", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-5897"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3265-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843139\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:32:55 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-7374\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5669\",\n \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\",\n \"CVE-2017-6347\", \"CVE-2017-6348\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3265-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a use-after-free\nflaw existed in the filesystem encryption subsystem in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic\nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel.\nAn attacker could use this to possibly expose sensitive information.\n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations. 
An\nattacker could use this to cause a denial of service or possibly execute\narbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did\nnot properly restrict mapping page zero. A local privileged attacker could\nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP\npackets with the URG flag. A remote attacker could use this to cause a\ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did\nnot properly set up a destructor in certain situations. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling\ncode in the Linux kernel. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing checksums.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (deadlock). 
(CVE-2017-6348)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3265-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3265-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1012-gke\", ver:\"4.4.0-1012.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1016-aws\", ver:\"4.4.0-1016.25\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1054-raspi2\", ver:\"4.4.0-1054.61\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1057-snapdragon\", ver:\"4.4.0-1057.61\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-generic\", ver:\"4.4.0-75.96\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-generic-lpae\", ver:\"4.4.0-75.96\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-lowlatency\", 
ver:\"4.4.0-75.96\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-powerpc-e500mc\", ver:\"4.4.0-75.96\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-powerpc-smp\", ver:\"4.4.0-75.96\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-powerpc64-smp\", ver:\"4.4.0-75.96\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1016.19\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.75.81\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.75.81\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1012.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.75.81\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.75.81\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.75.81\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.75.81\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", 
ver:\"4.4.0.1054.55\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1057.50\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3312-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2017-7895", "CVE-2016-9084", "CVE-2016-7917", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-7618", "CVE-2017-7645", "CVE-2016-8632", "CVE-2017-0605", "CVE-2017-2671", "CVE-2016-9083", "CVE-2016-7913", "CVE-2017-2596"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3312-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843199\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-08 06:03:28 +0200 (Thu, 08 Jun 2017)\");\n script_cve_id(\"CVE-2016-7917\", \"CVE-2016-8632\", \"CVE-2016-9604\", \"CVE-2017-0605\",\n \"CVE-2017-2596\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7472\",\n \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-7895\", \"CVE-2016-7913\",\n \"CVE-2016-9084\", \"CVE-2017-7618\", \"CVE-2016-9083\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3312-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3312-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in\n the Linux kernel did not properly validate batch messages. A local attacker with\n the CAP_NET_ADMIN capability could use this to expose sensitive information or\n cause a denial of service. 
(CVE-2016-7917) Qian Zhang discovered a heap-based\n buffer overflow in the tipc_msg_build() function in the Linux kernel. A local\n attacker could use to cause a denial of service (system crash) or possibly\n execute arbitrary code with administrative privileges. (CVE-2016-8632) It was\n discovered that the keyring implementation in the Linux kernel in some\n situations did not prevent special internal keyrings from being joined by\n userspace keyrings. A privileged local attacker could use this to bypass module\n verification. (CVE-2016-9604) It was discovered that a buffer overflow existed\n in the trace subsystem in the Linux kernel. A privileged local attacker could\n use this to execute arbitrary code. (CVE-2017-0605) Dmitry Vyukov discovered\n that KVM implementation in the Linux kernel improperly emulated the VMXON\n instruction. A local attacker in a guest OS could use this to cause a denial of\n service (memory consumption) in the host OS. (CVE-2017-2596) Daniel Jiang\n discovered that a race condition existed in the ipv4 ping socket implementation\n in the Linux kernel. A local privileged attacker could use this to cause a\n denial of service (system crash). (CVE-2017-2671) Di Shen discovered that a race\n condition existed in the perf subsystem of the Linux kernel. A local attacker\n could use this to cause a denial of service or possibly gain administrative\n privileges. (CVE-2017-6001) Eric Biggers discovered a memory leak in the keyring\n implementation in the Linux kernel. A local attacker could use this to cause a\n denial of service (memory consumption). (CVE-2017-7472) Sabrina Dubroca\n discovered that the asynchronous cryptographic hash (ahash) implementation in\n the Linux kernel did not properly handle a full request queue. 
A local attacker\n could use this to cause a denial of service (infinite recursion).\n (CVE-2017-7618) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2\n and NFSv3 server implementations in the Linux kernel did not properly handle\n certain long RPC replies. A remote attacker could use this to cause a denial of\n service (system crash). (CVE-2017-7645) Tommi Rantala and Brad Spengler\n discovered that the memory ... Description truncated, for more information\n please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3312-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3312-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic-lpae\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-lowlatency\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-e500mc\", 
ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-smp\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc64-emb\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc64-smp\", ver:\"4.4.0-79.100~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.79.64\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3312-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2017-7895", "CVE-2016-9084", "CVE-2016-7917", "CVE-2017-7889", "CVE-2017-6001", "CVE-2017-7618", "CVE-2017-7645", "CVE-2016-8632", "CVE-2017-0605", "CVE-2017-2671", "CVE-2016-9083", "CVE-2016-7913", "CVE-2017-2596"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3312-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843200\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-08 06:04:01 +0200 (Thu, 08 Jun 2017)\");\n script_cve_id(\"CVE-2016-7917\", \"CVE-2016-8632\", \"CVE-2016-9604\", \"CVE-2017-0605\",\n \"CVE-2017-2596\", \"CVE-2017-2671\", \"CVE-2017-6001\", \"CVE-2017-7472\",\n \"CVE-2017-7618\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-7913\",\n \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3312-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the netfilter netlink\n implementation in the Linux kernel did not properly validate batch messages. A\n local attacker with the CAP_NET_ADMIN capability could use this to expose\n sensitive information or cause a denial of service. (CVE-2016-7917) Qian Zhang\n discovered a heap-based buffer overflow in the tipc_msg_build() function in the\n Linux kernel. 
A local attacker could use to cause a denial of service (system\n crash) or possibly execute arbitrary code with administrative privileges.\n (CVE-2016-8632) It was discovered that the keyring implementation in the Linux\n kernel in some situations did not prevent special internal keyrings from being\n joined by userspace keyrings. A privileged local attacker could use this to\n bypass module verification. (CVE-2016-9604) It was discovered that a buffer\n overflow existed in the trace subsystem in the Linux kernel. A privileged local\n attacker could use this to execute arbitrary code. (CVE-2017-0605) Dmitry Vyukov\n discovered that KVM implementation in the Linux kernel improperly emulated the\n VMXON instruction. A local attacker in a guest OS could use this to cause a\n denial of service (memory consumption) in the host OS. (CVE-2017-2596) Daniel\n Jiang discovered that a race condition existed in the ipv4 ping socket\n implementation in the Linux kernel. A local privileged attacker could use this\n to cause a denial of service (system crash). (CVE-2017-2671) Di Shen discovered\n that a race condition existed in the perf subsystem of the Linux kernel. A local\n attacker could use this to cause a denial of service or possibly gain\n administrative privileges. (CVE-2017-6001) Eric Biggers discovered a memory leak\n in the keyring implementation in the Linux kernel. A local attacker could use\n this to cause a denial of service (memory consumption). (CVE-2017-7472) Sabrina\n Dubroca discovered that the asynchronous cryptographic hash (ahash)\n implementation in the Linux kernel did not properly handle a full request queue.\n A local attacker could use this to cause a denial of service (infinite\n recursion). (CVE-2017-7618) Tuomas Haanpää and Ari Kauppi discovered\n that the NFSv2 and NFSv3 server implementations in the Linux kernel did not\n properly handle certain long RPC replies. A remote attacker could use this to\n cause a denial of service (system crash). 
(CVE-2017-7645) Tommi Rantala and Brad\n Spengler discovered that the memory manager in the Linux kernel did not properly\n enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with\n access to /dev/mem could use this to expose sensitive information or possibly\n execute arbitrary code. ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3312-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3312-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1014-gke\", ver:\"4.4.0-1014.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1018-aws\", ver:\"4.4.0-1018.27\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1057-raspi2\", ver:\"4.4.0-1057.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1059-snapdragon\", ver:\"4.4.0-1059.63\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-generic-lpae\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-lowlatency\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-e500mc\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc-smp\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-79-powerpc64-smp\", ver:\"4.4.0-79.100\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1018.21\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1014.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1057.58\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1059.52\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.79.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3265-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5970", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-7374", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-5897"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843140", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843140", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3265-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843140\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:33:18 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-7374\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5669\",\n \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\",\n \"CVE-2017-6347\", \"CVE-2017-6348\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3265-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3265-1 fixed vulnerabilities in the\nLinux kernel for Ubuntu 16.04 LTS. 
This update provides the corresponding updates\nfor the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic\nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel.\nAn attacker could use this to possibly expose sensitive information.\n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations. An\nattacker could use this to cause a denial of service or possibly execute\narbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did\nnot properly restrict mapping page zero. A local privileged attacker could\nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP\npackets with the URG flag. A remote attacker could use this to cause a\ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did\nnot properly set up a destructor in certain situations. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling\ncode in the Linux kernel. 
A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing checksums.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (deadlock). (CVE-2017-6348)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3265-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3265-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-generic\", ver:\"4.4.0-75.96~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-generic-lpae\", ver:\"4.4.0-75.96~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-lowlatency\", ver:\"4.4.0-75.96~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-powerpc-e500mc\", ver:\"4.4.0-75.96~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-powerpc-smp\", ver:\"4.4.0-75.96~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-75-powerpc64-smp\", ver:\"4.4.0-75.96~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.75.62\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.75.62\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.75.62\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.75.62\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.75.62\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.75.62\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel 
(openSUSE-SU-2017:0906-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2017-7184", "CVE-2017-2584", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-6348", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-2596", "CVE-2017-6353", "CVE-2016-2117", "CVE-2017-6347"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851529", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851529\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-02 06:31:35 +0200 (Sun, 02 Apr 2017)\");\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2017-2583\",\n \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-5669\",\n \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6347\",\n \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7184\", \"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0906-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Still left to do:\n\n - Check CVE descriptions. They need to be written in the past tense. 
They\n are processed automatically, THERE CAN BE ERRORS IN THERE!\n\n - Remove version numbers from the CVE descriptions\n\n - Check the capitalization of the subsystems, then sort again\n\n - For each CVE: Check the corresponding bug if everything is okay\n\n - If you remove CVEs or bugs: Do not forget to change the meta information\n\n - Determine which of the bugs after the CVE lines is the right one\n\n ======================================================================\n\n The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly manages lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has 
the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0906-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.39~53.1\", 
rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.39~53.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.39~53.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.39~53.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", 
rpm:\"kernel-macros~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.39~53.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3359-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5576", "CVE-2017-7895", "CVE-2017-1000380", "CVE-2017-7346", "CVE-2017-5551", "CVE-2014-9900", "CVE-2017-8924", "CVE-2017-9150", "CVE-2017-8925", "CVE-2017-9605", "CVE-2016-9755"], "modified": "2019-03-13T00:00:00", "id": 
"OPENVAS:1361412562310843247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3359_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3359-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843247\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-21 07:18:04 +0200 (Fri, 21 Jul 2017)\");\n script_cve_id(\"CVE-2014-9900\", \"CVE-2016-9755\", \"CVE-2017-1000380\", \"CVE-2017-5551\",\n \"CVE-2017-5576\", \"CVE-2017-7346\", \"CVE-2017-7895\", \"CVE-2017-8924\",\n \"CVE-2017-8925\", \"CVE-2017-9150\", \"CVE-2017-9605\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux 
USN-3359-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Linux kernel did\n not properly initialize a Wake-on-Lan data structure. A local attacker could\n use this to expose sensitive information (kernel memory). (CVE-2014-9900) Dmitry\n Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the\n netfilter subsystem in the Linux kernel mishandled IPv6 packet reassembly. A\n local user could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2016-9755) Alexander Potapenko discovered\n a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in\n the Linux kernel. A local attacker could use this to expose sensitive\n information (kernel memory). (CVE-2017-1000380) It was discovered that the Linux\n kernel did not clear the setgid bit during a setxattr call on a tmpfs\n filesystem. A local attacker could use this to gain elevated group privileges.\n (CVE-2017-5551) Murray McAllister discovered that an integer overflow existed in\n the VideoCore DRM driver of the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-5576) Li Qiang discovered that the DRM driver for VMware Virtual GPUs\n in the Linux kernel did not properly validate some ioctl arguments. A local\n attacker could use this to cause a denial of service (system crash).\n (CVE-2017-7346) Tuomas Haanpää and Ari Kauppi discovered that the NFSv2\n and NFSv3 server implementations in the Linux kernel did not properly check for\n the end of buffer. 
A remote attacker could use this to craft requests that cause\n a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-7895) It was discovered that an integer underflow existed in the\n Edgeport USB Serial Converter device driver of the Linux kernel. An attacker\n with physical access could use this to expose sensitive information (kernel\n memory). (CVE-2017-8924) It was discovered that the USB ZyXEL omni.net LCD PLUS\n driver in the Linux kernel did not properly perform reference counting. A local\n attacker could use this to cause a denial of service (tty exhaustion).\n (CVE-2017-8925) Jann Horn discovered that bpf in Linux kernel does not restrict\n the output of the print_bpf_insn function. A local attacker could use this to\n obtain sensitive address information. (CVE-2017-9150) Murray McAllister\n discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did\n not properly initialize memory. A local attacker could use this to expose\n sensitive information (kernel memory). 
(CVE-2017-9605)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3359-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3359-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-1043-raspi2\", ver:\"4.8.0-1043.47\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-59-generic\", ver:\"4.8.0-59.64\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-59-generic-lpae\", ver:\"4.8.0-59.64\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-59-lowlatency\", ver:\"4.8.0-59.64\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-59-powerpc-e500mc\", ver:\"4.8.0-59.64\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-59-powerpc-smp\", ver:\"4.8.0-59.64\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-59-powerpc64-emb\", ver:\"4.8.0-59.64\", rls:\"UBUNTU16.10\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.8.0.59.72\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.8.0.59.72\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.8.0.59.72\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.8.0.59.72\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.8.0.59.72\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.8.0.59.72\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.8.0.1043.47\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6074", "CVE-2017-6001", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-5669"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171056", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright 
(C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1056\");\n script_version(\"2020-01-23T10:46:47+0000\");\n script_cve_id(\"CVE-2017-5669\", \"CVE-2017-6001\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6348\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1056)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1056\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1056\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1056 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\nThe tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\nThe do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\nThe hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\nRace condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.(CVE-2017-6001)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.44.58.28\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "openvas", "title": "CentOS 
Update for kernel CESA-2017:1615 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7895", "CVE-2017-7645", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:1615 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882747\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 05:12:15 +0200 (Fri, 30 Jun 2017)\");\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:1615 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the way Linux kernel allocates heap memory to build\nthe scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in\nthe socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS +\n1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A\nremote user or process could use this flaw to potentially escalate their\nprivilege on a system. (CVE-2017-7477, Important)\n\n * The NFS2/3 RPC client could send long arguments to the NFS server. These\nencoded arguments are stored in an array of memory pages, and accessed\nusing pointer variables. 
Arbitrarily long arguments could make these\npointers point outside the array and cause an out-of-bounds memory access.\nA remote user or program could use this flaw to crash the kernel (denial of\nservice). (CVE-2017-7645, Important)\n\n * The NFSv2 and NFSv3 server implementations in the Linux kernel through\n4.10.13 lacked certain checks for the end of a buffer. A remote attacker\ncould trigger a pointer-arithmetic error or possibly cause other\nunspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and\nfs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n * The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)\nsupport was vulnerable to an incorrect segment selector(SS) value error.\nThe error could occur while loading values into the SS register in long\nmode. A user or process inside a guest could use this flaw to crash the\nguest, resulting in DoS or potentially escalate their privileges inside the\nguest. (CVE-2017-2583, Moderate)\n\n * A flaw was found in the Linux kernel's handling of packets with the URG\nflag. Applications using the splice() and tcp_splice_read() functionality\ncould allow a remote attacker to force the kernel to enter a condition in\nwhich it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n * Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than\nthe total-pages counter (HugePages_Total) in the /proc/meminfo file, and\nHugePages_Rsvd underflowed. With this update, the HugeTLB feature of the\nLinux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs.\n(BZ#1445184)\n\n * If a directory on a NFS client was modified while being listed, the NFS\nclient could restart the directory listing multiple times. Consequently,\nthe performance of listing the directory was sub-optimal. 
With this update,\nthe restarting of the di ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1615\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.26.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-29T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:1615-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7895", "CVE-2017-7645", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:1615-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871838\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-29 05:10:09 +0200 (Thu, 29 Jun 2017)\");\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\",\n \"CVE-2017-7895\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:1615-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system. Security Fix(es): * A flaw was\n found in the way Linux kernel allocates heap memory to build the scattergather\n list from a fragment list(skb_shinfo(skb)- frag_list) in the socket\n buffer(skb_buff). 
The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter\n and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process\n could use this flaw to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important) * The NFS2/3 RPC client could send long arguments to\n the NFS server. These encoded arguments are stored in an array of memory pages,\n and accessed using pointer variables. Arbitrarily long arguments could make\n these pointers point outside the array and cause an out-of-bounds memory access.\n A remote user or program could use this flaw to crash the kernel (denial of\n service). (CVE-2017-7645, Important) * The NFSv2 and NFSv3 server\n implementations in the Linux kernel through 4.10.13 lacked certain checks for\n the end of a buffer. A remote attacker could trigger a pointer-arithmetic error\n or possibly cause other unspecified impacts using crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * The Linux\n kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was\n vulnerable to an incorrect segment selector(SS) value error. The error could\n occur while loading values into the SS register in long mode. A user or process\n inside a guest could use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the guest. (CVE-2017-2583,\n Moderate) * A flaw was found in the Linux kernel's handling of packets with the\n URG flag. Applications using the splice() and tcp_splice_read() functionality\n could allow a remote attacker to force the kernel to enter a condition in which\n it could loop indefinitely. (CVE-2017-6214, Moderate) Red Hat would like to\n thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for\n reporting CVE-2017-2583. 
Bug Fix(es): * Previously, the reserved-pages counter\n (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in\n the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the\n HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow\n no longer occurs. (BZ#1445184) * If a directory on a NFS client was modified\n while being listed, the NFS client could restart the directory listing multiple\n times. Consequently, the performance of listing the directory was sub-optimal.\n With this up ... Description truncated, for more information please check the\n Reference URL\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1615-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-June/msg00060.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.26.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:32:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1502)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2017-7261", "CVE-2017-2584", "CVE-2017-6074", "CVE-2017-6001", "CVE-2017-5970", "CVE-2017-2636", "CVE-2017-5551", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-18270", "CVE-2017-7308", "CVE-2017-5669", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-5986", "CVE-2017-2596", "CVE-2017-6353", "CVE-2017-18344", "CVE-2017-7187"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191502", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1502\");\n script_version(\"2020-01-23T11:58:09+0000\");\n script_cve_id(\"CVE-2017-18255\", \"CVE-2017-18270\", \"CVE-2017-18344\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5551\", \"CVE-2017-5669\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6001\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:58:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:58:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1502)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1502\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1502\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an 
update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1502 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.(CVE-2017-18255)\n\nIn the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270)\n\nThe timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigev_notify field, which leads to out-of-bounds access in the show_timer function.(CVE-2017-18344)\n\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584)\n\nLinux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS.(CVE-2017-2596)\n\nA race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. 
A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.(CVE-2017-2636)\n\nA flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.(CVE-2017-2647)\n\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.(CVE-2017-2671)\n\nA vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way, this allows to bypass the check in 'chmod'.(CVE-2017-5551)\n\nThe do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a c ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2020-06-09T19:32:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3422-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2016-7097", "CVE-2016-9754", "CVE-2016-9191", "CVE-2016-8650", "CVE-2016-9084", "CVE-2017-5970", "CVE-2016-10200", "CVE-2016-9178", "CVE-2017-1000251", "CVE-2017-6214", "CVE-2016-9083", "CVE-2017-7541", "CVE-2017-6951", "CVE-2017-6346", "CVE-2017-7187", "CVE-2016-10044"], "modified": "2020-06-08T00:00:00", "id": "OPENVAS:1361412562310843312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843312", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3422-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843312\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-19 07:43:00 +0200 (Tue, 19 Sep 2017)\");\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\",\n \"CVE-2016-8650\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9178\",\n \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2016-9754\", \"CVE-2017-5970\",\n \"CVE-2017-6214\", \"CVE-2017-6346\", \"CVE-2017-6951\", \"CVE-2017-7187\",\n \"CVE-2017-7472\", \"CVE-2017-7541\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3422-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a buffer overflow\n existed in the Bluetooth stack of the Linux kernel when handling L2CAP\n configuration responses. A physically proximate attacker could use this to cause\n a denial of service (system crash). (CVE-2017-1000251) It was discovered that\n the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set\n permissions on aio memory mappings in some situations. 
An attacker could use\n this to more easily exploit other vulnerabilities. (CVE-2016-10044) Baozeng Ding\n and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation\n implementation in the Linux kernel. A local attacker could use this to cause a\n denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2016-10200) Andreas Gruenbacher and Jan Kara discovered that the filesystem\n implementation in the Linux kernel did not clear the setgid bit during a\n setxattr call. A local attacker could use this to possibly elevate group\n privileges. (CVE-2016-7097) Sergej Schumilo, Ralf Spenneberg, and Hendrik\n Schwartke discovered that the key management subsystem in the Linux kernel did\n not properly allocate memory in some situations. A local attacker could use this\n to cause a denial of service (system crash). (CVE-2016-8650) Vlad Tsyrklevich\n discovered an integer overflow vulnerability in the VFIO PCI driver for the\n Linux kernel. A local attacker with access to a vfio PCI device file could use\n this to cause a denial of service (system crash) or possibly execute arbitrary\n code. (CVE-2016-9083, CVE-2016-9084) It was discovered that an information leak\n existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use\n this to expose sensitive information. (CVE-2016-9178) CAI Qian discovered that\n the sysctl implementation in the Linux kernel did not properly perform reference\n counting in some situations. An unprivileged attacker could use this to cause a\n denial of service (system hang). (CVE-2016-9191) It was discovered that the\n keyring implementation in the Linux kernel in some situations did not prevent\n special internal keyrings from being joined by userspace keyrings. A privileged\n local attacker could use this to bypass module verification. (CVE-2016-9604) It\n was discovered that an integer overflow existed in the trace subsystem of the\n Linux kernel. 
A local privileged attacker could use this to cause a denial of\n service (system crash). (CVE-2016-9754) Andrey Konovalov discovered that the\n IPv4 implementation in the Linux kernel did not properly handle invalid IP\n options in some situations. An attacker could use this to cause a denial of\n service or possibly ex ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3422-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3422-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-generic\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-generic-lpae\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-lowlatency\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-e500\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-e500mc\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-smp\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc64-emb\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc64-smp\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3293-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7294", "CVE-2017-2596", "CVE-2017-7477", "CVE-2017-7187"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843165", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843165", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3293-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843165\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-17 06:52:48 +0200 (Wed, 17 May 2017)\");\n script_cve_id(\"CVE-2017-2596\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\",\n \"CVE-2017-7477\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3293-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dmitry Vyukov discovered that KVM\n implementation in the Linux kernel improperly emulated the VMXON instruction. A\n local attacker in a guest OS could use this to cause a denial of service (memory\n consumption) in the host OS. (CVE-2017-2596) Dmitry Vyukov discovered that the\n generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer\n overflow. 
A local attacker with access to an sg device could use this to cause a\n denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the\n Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A\n local attacker could use this to cause a denial of service (system crash).\n (CVE-2017-7261) Li Qiang discovered that an integer overflow vulnerability\n existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the\n Linux kernel. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2017-7294) Jason\n Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel.\n An attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2017-7477) It was discovered that an\n information leak existed in the set_mempolicy and mbind compat syscalls in the\n Linux kernel. A local attacker could use this to expose sensitive information\n (kernel memory). 
(CVE-2017-7616)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3293-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3293-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1005-raspi2\", ver:\"4.10.0-1005.7\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-21-generic\", ver:\"4.10.0-21.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-21-generic-lpae\", ver:\"4.10.0-21.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-21-lowlatency\", ver:\"4.10.0-21.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.21.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.21.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.10.0.21.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1005.7\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:11:02", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-2188\n\nRalf Spenneberg of OpenSource Security reported that the iowarrior\ndevice driver did not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-9604\n\nIt was discovered that the keyring subsystem allowed a process to\nset a special internal keyring as its session keyring. The\nsecurity impact in this version of the kernel is unknown.\n\nDescription truncated. 
Please see the references for more information.\n\nFor Debian 7 ", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-922-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2017-7261", "CVE-2017-7184", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-5967", "CVE-2017-5970", "CVE-2017-7273", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-6951", "CVE-2017-2647", "CVE-2016-2188"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890922", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890922\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-2188\", \"CVE-2016-9604\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5967\", \"CVE-2017-5970\", \"CVE-2017-6951\", \"CVE-2017-7184\", \"CVE-2017-7261\", \"CVE-2017-7273\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7472\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-922-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00041.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.2.88-1. 
This version also includes bug fixes from upstream version\n3.2.88, and fixes some older security issues in the keyring, packet\nsocket and cryptographic hash subsystems that do not have CVE IDs.\n\nFor Debian 8 'Jessie', most of these problems have been fixed in\nversion 3.16.43-1 which will be part of the next point release.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-2188\n\nRalf Spenneberg of OpenSource Security reported that the iowarrior\ndevice driver did not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-9604\n\nIt was discovered that the keyring subsystem allowed a process to\nset a special internal keyring as its session keyring. The\nsecurity impact in this version of the kernel is unknown.\n\nDescription truncated. Please see the references for more information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.88-1. 
This version also includes bug fixes from upstream version\n3.2.88, and fixes some older security issues in the keyring, packet\nsocket and cryptographic hash subsystems that do not have CVE IDs.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.88-1\", 
rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-486\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armel\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armhf\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-i386\", ver:\"3.2.88-1\", rls:\"DEB7\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common-rt\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-iop32x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-ixp4xx\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-kirkwood\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mv78xx0\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mx5\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-omap\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-orion5x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-versatile\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-vexpress\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-5-486\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-iop32x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-ixp4xx\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-kirkwood\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mv78xx0\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mx5\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-omap\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-orion5x\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64-dbg\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-5-versatile\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-vexpress\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-5\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-686-pae\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-amd64\", ver:\"3.2.88-1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3314-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-9604", "CVE-2017-7895", "CVE-2017-7277", "CVE-2017-7889", "CVE-2017-8063", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7979", "CVE-2017-0605", "CVE-2017-2671", "CVE-2017-8067", "CVE-2017-8064"], "modified": "2019-03-13T00:00:00", "id": 
"OPENVAS:1361412562310843198", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3314-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843198\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-08 06:02:59 +0200 (Thu, 08 Jun 2017)\");\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-0605\", \"CVE-2017-2671\", \"CVE-2017-7277\",\n \"CVE-2017-7472\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\",\n \"CVE-2017-7895\", \"CVE-2017-7979\", \"CVE-2017-8063\", \"CVE-2017-8064\",\n \"CVE-2017-8067\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3314-1\");\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the keyring\n implementation in the Linux kernel in some situations did not prevent special\n internal keyrings from being joined by userspace keyrings. A privileged local\n attacker could use this to bypass module verification. (CVE-2016-9604) It was\n discovered that a buffer overflow existed in the trace subsystem in the Linux\n kernel. A privileged local attacker could use this to execute arbitrary code.\n (CVE-2017-0605) Daniel Jiang discovered that a race condition existed in the\n ipv4 ping socket implementation in the Linux kernel. A local privileged attacker\n could use this to cause a denial of service (system crash). (CVE-2017-2671)\n JongHwan Kim discovered an out-of-bounds read in the TCP stack of the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or leak sensitive information. (CVE-2017-7277) Eric Biggers discovered a\n memory leak in the keyring implementation in the Linux kernel. A local attacker\n could use this to cause a denial of service (memory consumption).\n (CVE-2017-7472) Sabrina Dubroca discovered that the asynchronous cryptographic\n hash (ahash) implementation in the Linux kernel did not properly handle a full\n request queue. A local attacker could use this to cause a denial of service\n (infinite recursion). (CVE-2017-7618) Tuomas Haanpää and Ari Kauppi\n discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel\n did not properly handle certain long RPC replies. A remote attacker could use\n this to cause a denial of service (system crash). 
(CVE-2017-7645) Tommi Rantala\n and Brad Spengler discovered that the memory manager in the Linux kernel did not\n properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker\n with access to /dev/mem could use this to expose sensitive information or\n possibly execute arbitrary code. (CVE-2017-7889) Tuomas Haanpää and Ari\n Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux\n kernel did not properly check for the end of buffer. A remote attacker could use\n this to craft requests that cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-7895) Fabian Grünbichler discovered that\n the Packet action API implementation in the Linux kernel improperly handled\n uninitialized data. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code. (CVE-2017-7979) It was\n discovered that the Conexant USB driver in the Linux kernel improperly handled\n memory in some configurations. A local attacker could use this to cause a denial\n of service (sy ... 
Description truncated, for more information please check the\n Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3314-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3314-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1006-raspi2\", ver:\"4.10.0-1006.8\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-22-generic\", ver:\"4.10.0-22.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-22-generic-lpae\", ver:\"4.10.0-22.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-22-lowlatency\", ver:\"4.10.0-22.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.22.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.22.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", 
ver:\"4.10.0.22.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1006.8\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:26:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1215-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-7308", "CVE-2016-10318", "CVE-2017-7187"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851548", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851548\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-09 06:50:14 +0200 (Tue, 09 May 2017)\");\n script_cve_id(\"CVE-2016-10318\", \"CVE-2017-2671\", \"CVE-2017-7187\", \"CVE-2017-7261\",\n \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1215-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel was\n updated to receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to\n cause a denial of service (API operation calling its own callback, and\n infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n\n - CVE-2016-10318: A missing authorization check in the\n fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and\n f2fs filesystem encryption support in the Linux kernel allowed a user to\n assign an encryption policy to a directory owned by a different user,\n potentially creating a denial of service 
(bnc#1032435).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel is too late in obtaining a certain lock and consequently cannot\n ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a lar ...\n\n Description 
truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1215-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", 
rpm:\"kernel-vanilla-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.39~56.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.39~56.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.39~56.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.39~56.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.39~56.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.39~56.1\", 
rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.39~56.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:57:49", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588 \nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an\nL2 (nested) virtual machine. A local attacker in an L2 guest VM\ncan take advantage of this flaw to cause a denial of service for\nthe L1 guest VM.\n\nCVE-2017-2636 \nAlexander Popov discovered a race condition flaw in the n_hdlc\nline discipline that can lead to a double free. A local\nunprivileged user can take advantage of this flaw for privilege\nescalation. 
On systems that do not already have the n_hdlc module\nloaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669 \nGareth Evans reported that privileged users can map memory at\naddress 0 through the shmat() system call. This could make it\neasier to exploit other kernel security vulnerabilities via a\nset-UID program.\n\nCVE-2017-5986 \nAlexander Popov reported a race condition in the SCTP\nimplementation that can be used by local users to cause a\ndenial-of-service (crash). The initial fix for this was incorrect\nand introduced further security issues (CVE-2017-6353). This update includes a later fix that\navoids those. On systems that do not already have the sctp\nmodule loaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214 \nDmitry Vyukov reported a bug in the TCP implementation", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3804-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703804", "href": "http://plugins.openvas.org/nasl.php?oid=703804", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3804.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3804-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software 
Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703804);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n script_name(\"Debian Security Advisory DSA 3804-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-03-08 00:00:00 +0100 (Wed, 08 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3804.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable 
distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588 \nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an\nL2 (nested) virtual machine. A local attacker in an L2 guest VM\ncan take advantage of this flaw to cause a denial of service for\nthe L1 guest VM.\n\nCVE-2017-2636 \nAlexander Popov discovered a race condition flaw in the n_hdlc\nline discipline that can lead to a double free. A local\nunprivileged user can take advantage of this flaw for privilege\nescalation. On systems that do not already have the n_hdlc module\nloaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669 \nGareth Evans reported that privileged users can map memory at\naddress 0 through the shmat() system call. This could make it\neasier to exploit other kernel security vulnerabilities via a\nset-UID program.\n\nCVE-2017-5986 \nAlexander Popov reported a race condition in the SCTP\nimplementation that can be used by local users to cause a\ndenial-of-service (crash). The initial fix for this was incorrect\nand introduced further security issues (CVE-2017-6353). This update includes a later fix that\navoids those. On systems that do not already have the sctp\nmodule loaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214 \nDmitry Vyukov reported a bug in the TCP implementation's handling\nof urgent data in the splice() system call. 
This can be used by a\nremote attacker for denial-of-service (hang) against applications\nthat read from TCP sockets with splice().\n\nCVE-2017-6345 \nAndrey Konovalov reported that the LLC type 2 implementation\nincorrectly assigns socket buffer ownership. This can be used\nby a local user to cause a denial-of-service (crash). On systems\nthat do not already have the llc2 module loaded, this can be\nmitigated by disabling it:\necho >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346 \nDmitry Vyukov reported a race condition in the raw packet (af_packet)\nfanout feature. Local users with the CAP_NET_RAW capability (in any\nuser namespace) can use this for denial-of-service and possibly for\nprivilege escalation.\n\nCVE-2017-6348 \nDmitry Vyukov reported that the general queue implementation in\nthe IrDA subsystem does not properly manage multiple locks,\npossibly allowing local users to cause a denial-of-service\n(deadlock) via crafted operations on IrDA devices.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", 
ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", 
ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", 
ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-29T20:12:22", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an\nL2 (nested) virtual machine. 
A local attacker in an L2 guest VM\ncan take advantage of this flaw to cause a denial of service for\nthe L1 guest VM.\n\nCVE-2017-2636\n\nAlexander Popov discovered a race condition flaw in the n_hdlc\nline discipline that can lead to a double free. A local\nunprivileged user can take advantage of this flaw for privilege\nescalation. On systems that do not already have the n_hdlc module\nloaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\nGareth Evans reported that privileged users can map memory at\naddress 0 through the shmat() system call. This could make it\neasier to exploit other kernel security vulnerabilities via a\nset-UID program.\n\nCVE-2017-5986\n\nAlexander Popov reported a race condition in the SCTP\nimplementation that can be used by local users to cause a\ndenial-of-service (crash). The initial fix for this was incorrect\nand introduced further security issues (CVE-2017-6353). This\nupdate includes a later fix that avoids those. 
On systems that do\nnot already have the sctp module loaded, this can be mitigated by\ndisabling it:\necho >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\nDmitry Vyukov reported a bug in the TCP implementation", "cvss3": {}, "published": "2018-01-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-849-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890849", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890849\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-849-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00007.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.2.86-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege 
escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an\nL2 (nested) virtual machine. A local attacker in an L2 guest VM\ncan take advantage of this flaw to cause a denial of service for\nthe L1 guest VM.\n\nCVE-2017-2636\n\nAlexander Popov discovered a race condition flaw in the n_hdlc\nline discipline that can lead to a double free. A local\nunprivileged user can take advantage of this flaw for privilege\nescalation. On systems that do not already have the n_hdlc module\nloaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\nGareth Evans reported that privileged users can map memory at\naddress 0 through the shmat() system call. This could make it\neasier to exploit other kernel security vulnerabilities via a\nset-UID program.\n\nCVE-2017-5986\n\nAlexander Popov reported a race condition in the SCTP\nimplementation that can be used by local users to cause a\ndenial-of-service (crash). The initial fix for this was incorrect\nand introduced further security issues (CVE-2017-6353). This\nupdate includes a later fix that avoids those. On systems that do\nnot already have the sctp module loaded, this can be mitigated by\ndisabling it:\necho >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\nDmitry Vyukov reported a bug in the TCP implementation's handling\nof urgent data in the splice() system call. This can be used by a\nremote attacker for denial-of-service (hang) against applications\nthat read from TCP sockets with splice().\n\nCVE-2017-6345\n\nAndrey Konovalov reported that the LLC type 2 implementation\nincorrectly assigns socket buffer ownership. This might be usable\nby a local user to cause a denial-of-service (memory corruption or\ncrash) or privilege escalation. 
On systems that do not already have\nthe llc2 module loaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet)\nfanout feature. Local users with the CAP_NET_RAW capability (in any\nuser namespace) can use this for denial-of-service and possibly for\nprivilege escalation.\n\nCVE-2017-6348\n\nDmitry Vyukov reported that the general queue implementation in\nthe IrDA subsystem does not properly manage multiple locks,\npossibly allowing local users to cause a denial-of-service\n(deadlock) via crafted operations on IrDA devices.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.86-1.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-486\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armel\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armhf\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-i386\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common-rt\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-iop32x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-ixp4xx\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-kirkwood\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mv78xx0\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mx5\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-omap\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-orion5x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-versatile\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-vexpress\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-486\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-iop32x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-ixp4xx\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-kirkwood\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mv78xx0\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mx5\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-omap\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-5-orion5x\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64-dbg\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-versatile\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-vexpress\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-5\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-686-pae\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-amd64\", ver:\"3.2.86-1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else 
if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an\nL2 (nested) virtual machine. A local attacker in an L2 guest VM\ncan take advantage of this flaw to cause a denial of service for\nthe L1 guest VM.\n\nCVE-2017-2636\nAlexander Popov discovered a race condition flaw in the n_hdlc\nline discipline that can lead to a double free. A local\nunprivileged user can take advantage of this flaw for privilege\nescalation. On systems that do not already have the n_hdlc module\nloaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\nGareth Evans reported that privileged users can map memory at\naddress 0 through the shmat() system call. This could make it\neasier to exploit other kernel security vulnerabilities via a\nset-UID program.\n\nCVE-2017-5986\nAlexander Popov reported a race condition in the SCTP\nimplementation that can be used by local users to cause a\ndenial-of-service (crash). The initial fix for this was incorrect\nand introduced further security issues (CVE-2017-6353). This update includes a later fix that\navoids those. 
On systems that do not already have the sctp\nmodule loaded, this can be mitigated by disabling it:\necho >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\nDmitry Vyukov reported a bug in the TCP implementation", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3804-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703804", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3804.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3804-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703804\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n script_name(\"Debian Security Advisory DSA 3804-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 00:00:00 +0100 (Wed, 08 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3804.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\nJim 
Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an\nL2 (nested) virtual machine. A local attacker in an L2 guest VM\ncan take advantage of this flaw to cause a denial of service for\nthe L1 guest VM.\n\nCVE-2017-2636Alexander Popov discovered a race condition flaw in the n_hdlc\nline discipline that can lead to a double free. A local\nunprivileged user can take advantage of this flaw for privilege\nescalation. On systems that do not already have the n_hdlc module\nloaded, this can be mitigated by disabling it:\necho>> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc falseCVE-2017-5669\nGareth Evans reported that privileged users can map memory at\naddress 0 through the shmat() system call. This could make it\neasier to exploit other kernel security vulnerabilities via a\nset-UID program.\n\nCVE-2017-5986Alexander Popov reported a race condition in the SCTP\nimplementation that can be used by local users to cause a\ndenial-of-service (crash). The initial fix for this was incorrect\nand introduced further security issues ( CVE-2017-6353). This update includes a later fix that\navoids those. On systems that do not already have the sctp\nmodule loaded, this can be mitigated by disabling it:\necho>> /etc/modprobe.d/disable-sctp.conf install sctp falseCVE-2017-6214\nDmitry Vyukov reported a bug in the TCP implementation's handling\nof urgent data in the splice() system call. This can be used by a\nremote attacker for denial-of-service (hang) against applications\nthat read from TCP sockets with splice().\n\nCVE-2017-6345Andrey Konovalov reported that the LLC type 2 implementation\nincorrectly assigns socket buffer ownership. This can be used\nby a local user to cause a denial-of-service (crash). 
On systems\nthat do not already have the llc2 module loaded, this can be\nmitigated by disabling it:\necho>> /etc/modprobe.d/disable-llc2.conf install llc2 falseCVE-2017-6346\nDmitry Vyukov reported a race condition in the raw packet (af_packet)\nfanout feature. Local users with the CAP_NET_RAW capability (in any\nuser namespace) can use this for denial-of-service and possibly for\nprivilege escalation.\n\nCVE-2017-6348\nDmitry Vyukov reported that the general queue implementation in\nthe IrDA subsystem does not properly manage multiple locks,\npossibly allowing local users to cause a denial-of-service\n(deadlock) via crafted operations on IrDA devices.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n 
report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", 
ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.39-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": 
"2017-05-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3291-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7294", "CVE-2017-7187"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843176", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3291-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843176\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-18 06:50:26 +0200 (Thu, 18 May 2017)\");\n script_cve_id(\"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3291-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3291-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem\n in the Linux kernel contained a stack-based buffer overflow. A local attacker\n with access to an sg device could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered\n that a NULL pointer dereference existed in the Direct Rendering Manager (DRM)\n driver for VMWare devices in the Linux kernel. 
A local attacker could use this\n to cause a denial of service (system crash). (CVE-2017-7261) Li Qiang discovered\n that an integer overflow vulnerability existed in the Direct Rendering Manager\n (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use\n this to cause a denial of service (system crash) or possibly execute arbitrary\n code. (CVE-2017-7294) It was discovered that an information leak existed in the\n set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker\n could use this to expose sensitive information (kernel memory).\n (CVE-2017-7616)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3291-3\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3291-3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-generic\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-generic-lpae\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-lowlatency\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc-e500mc\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc-smp\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc64-emb\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc64-smp\", ver:\"4.4.0-78.99~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.78.63\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-96d276367e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9084", "CVE-2016-9083"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310810170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-96d276367e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:03:08 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-9084\", \"CVE-2016-9083\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-96d276367e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-96d276367e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKA5JXYKGE7LLWYWZARS2W4HUYXDWIV7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.6~201.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3291-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7294", "CVE-2017-7187"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3291-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843164\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-17 06:52:38 +0200 (Wed, 17 May 2017)\");\n script_cve_id(\"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3291-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dmitry Vyukov discovered that the generic\n SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow.\n A local attacker with access to an sg device could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It\n was discovered that a NULL pointer dereference existed in the Direct Rendering\n Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-7261) Li\n Qiang discovered that an integer overflow vulnerability existed in the Direct\n Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. 
A local\n attacker could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-7294) It was discovered that an information\n leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel.\n A local attacker could use this to expose sensitive information (kernel memory).\n (CVE-2017-7616)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3291-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3291-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-generic\", ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-generic-lpae\", ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-lowlatency\", ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc-e500mc\", ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc-smp\", 
ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc64-emb\", ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-78-powerpc64-smp\", ver:\"4.4.0-78.99\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.78.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3291-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7294", "CVE-2017-7187"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843175", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-aws USN-3291-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843175\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-18 06:50:16 +0200 (Thu, 18 May 2017)\");\n script_cve_id(\"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3291-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3291-1 fixed vulnerabilities in the\n generic Linux kernel. This update provides the corresponding updates for the\n Linux kernel built for specific processors and cloud environments. Dmitry Vyukov\n discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a\n stack-based buffer overflow. A local attacker with access to an sg device could\n use this to cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer\n dereference existed in the Direct Rendering Manager (DRM) driver for VMWare\n devices in the Linux kernel. A local attacker could use this to cause a denial\n of service (system crash). (CVE-2017-7261) Li Qiang discovered that an integer\n overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for\n VMWare devices in the Linux kernel. A local attacker could use this to cause a\n denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-7294) It was discovered that an information leak existed in the\n set_mempolicy and mbind compat syscalls in the Linux kernel. 
A local attacker\n could use this to expose sensitive information (kernel memory).\n (CVE-2017-7616)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3291-2\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3291-2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1013-gke\", ver:\"4.4.0-1013.13\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1017-aws\", ver:\"4.4.0-1017.26\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1055-raspi2\", ver:\"4.4.0-1055.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1058-snapdragon\", ver:\"4.4.0-1058.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1017.20\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1013.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1055.56\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1058.51\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0907-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9191", "CVE-2017-7184", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-2596", "CVE-2017-6353", "CVE-2016-2117", "CVE-2017-6347"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851530", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851530\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-02 06:32:15 +0200 (Sun, 02 Apr 2017)\");\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-2117\", \"CVE-2016-9191\", \"CVE-2017-2596\",\n \"CVE-2017-2636\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\",\n \"CVE-2017-6347\", \"CVE-2017-6353\", \"CVE-2017-7184\", \"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0907-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security\n issues and bugs.\n\n The following security bugs were fixed:\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 
(bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. 
NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0907-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.57~18.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.57~18.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", 
rpm:\"kernel-docs-pdf~4.4.57~18.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.57~18.3.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.57~18.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-0aa0f69e0c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2017-7889", "CVE-2017-7645", "CVE-2017-7477"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-0aa0f69e0c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872640\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-05 07:02:54 +0200 (Fri, 05 May 2017)\");\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-7477\", \"CVE-2017-7889\", \"CVE-2017-7645\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-0aa0f69e0c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0aa0f69e0c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4HRXASJPX4MDGSPS2ODUWTIAC2EV7RN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.13~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3208-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843061", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843061", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3208-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843061\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:14:45 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2017-2583\",\n \"CVE-2017-2584\", \"CVE-2017-5549\", \"CVE-2017-6074\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3208-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the generic SCSI block layer in the Linux kernel did\nnot properly restrict write operations in certain situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did\nnot properly perform reference counting in some situations. An unprivileged\nattacker could use this to cause a denial of service (system hang).\n(CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. 
A local attacker in a guest virtual\nmachine could use this to cause a denial of service (guest OS crash).\n(CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in\nthe Linux kernel did not properly emulate instructions on the SS segment\nregister. A local attacker in a guest virtual machine could use this to\ncause a denial of service (guest OS crash) or possibly gain administrative\nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\nimproperly emulated certain instructions. A local attacker could use this\nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in\nthe Linux kernel did not properly initialize memory related to logging. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly gain administrative\nprivileges. 
(CVE-2017-6074)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3208-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3208-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1048-snapdragon\", ver:\"4.4.0-1048.52\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic-lpae\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-lowlatency\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-e500mc\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-smp\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-emb\", 
ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-smp\", ver:\"4.4.0-64.85\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.64.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1048.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3208-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3208-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843062\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:14:53 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2017-2583\",\n \"CVE-2017-2584\", \"CVE-2017-5549\", \"CVE-2017-6074\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu 
Update for linux-lts-xenial USN-3208-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did\nnot properly restrict write operations in certain situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2016-10088)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did\nnot properly perform reference counting in some situations. An unprivileged\nattacker could use this to cause a denial of service (system hang).\n(CVE-2016-9191)\n\nJim Mattson discovered that the KVM implementation in the Linux kernel\nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual\nmachine could use this to cause a denial of service (guest OS crash).\n(CVE-2016-9588)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in\nthe Linux kernel did not properly emulate instructions on the SS segment\nregister. A local attacker in a guest virtual machine could use this to\ncause a denial of service (guest OS crash) or possibly gain administrative\nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\nimproperly emulated certain instructions. A local attacker could use this\nto obtain sensitive information (kernel memory). 
(CVE-2017-2584)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in\nthe Linux kernel did not properly initialize memory related to logging. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-5549)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly gain administrative\nprivileges. (CVE-2017-6074)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3208-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3208-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-generic-lpae\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-lowlatency\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-e500mc\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc-smp\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-emb\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-64-powerpc64-smp\", ver:\"4.4.0-64.85~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.64.50\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", 
"cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3234-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2017-5551"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843096", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3234-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843096\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 09:11:33 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2016-10208\", \"CVE-2017-5551\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3234-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ralf Spenneberg discovered that the ext4\n implementation in the Linux kernel did not properly validate meta block groups.\n An attacker with physical access could use this to specially craft an ext4 image\n that causes a denial of service (system crash). (CVE-2016-10208) It was\n discovered that the Linux kernel did not clear the setgid bit during a setxattr\n call on a tmpfs filesystem. A local attacker could use this to gain elevated\n group privileges. 
(CVE-2017-5551)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3234-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3234-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1006-gke\", ver:\"4.4.0-1006.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1009-aws\", ver:\"4.4.0-1009.18\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1048-raspi2\", ver:\"4.4.0-1048.55\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1051-snapdragon\", ver:\"4.4.0-1051.55\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-generic\", ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-generic-lpae\", ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-lowlatency\", 
ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc-e500mc\", ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc-smp\", ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc64-emb\", ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc64-smp\", ver:\"4.4.0-67.88\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1009.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1006.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", 
ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.67.72\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1048.48\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1051.44\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:26:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1140-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-7374", "CVE-2016-4997", "CVE-2017-7308", "CVE-2017-7187", "CVE-2016-4998"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851544", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851544\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-02 06:44:02 +0200 (Tue, 02 May 2017)\");\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2017-2671\", \"CVE-2017-7187\",\n \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7374\",\n \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:1140-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to\n cause a denial of service (API operation calling its own callback, and\n infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE\n setsockopt implementations in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (memory corruption) by leveraging 
in-container root access to\n provide a crafted offset value that triggers an unintended decrement\n (bnc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986365).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel was too late in obtaining a certain lock and consequently cannot\n ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the 
Linux kernel did not\n check for a ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1140-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.62~18.6.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", 
rpm:\"kernel-vanilla-base-debuginfo~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.62~18.6.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.62~18.6.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.62~18.6.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.62~18.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for 
linux-lts-xenial USN-3234-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2017-5551"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843095", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3234-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843095\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 09:11:31 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2016-10208\", \"CVE-2017-5551\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3234-2\");\n script_tag(name:\"summary\", value:\"The remote host is 
missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3234-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the\n Linux kernel did not properly validate meta block groups. An attacker with\n physical access could use this to specially craft an ext4 image that causes a\n denial of service (system crash). (CVE-2016-10208) It was discovered that the\n Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs\n filesystem. A local attacker could use this to gain elevated group privileges.\n (CVE-2017-5551)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3234-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3234-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-generic\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-generic-lpae\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-lowlatency\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc-e500mc\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc-smp\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc64-emb\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-67-powerpc64-smp\", ver:\"4.4.0-67.88~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.67.54\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-7462231059", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7889", "CVE-2017-7645"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872626", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-7462231059\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872626\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:09 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-7645\", \"CVE-2017-7889\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-7462231059\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7462231059\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YP54QEPJY6DEDY5X6BYDY7C4LWJCSKYW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.12~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:43", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1057)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6074", "CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-5669"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171057", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1057\");\n script_version(\"2020-01-23T10:46:52+0000\");\n script_cve_id(\"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6348\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:52 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1057)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1057\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1057\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1057 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO 
option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\nThe tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\nThe do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\nThe hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\nRace condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.(CVE-2017-2636)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.48.1.121\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-15T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-502cf68d68", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2671", "CVE-2017-7187"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
Fedora Update for kernel FEDORA-2017-502cf68d68\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872568\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-15 06:40:42 +0200 (Sat, 15 Apr 2017)\");\n script_cve_id(\"CVE-2017-7187\", \"CVE-2017-2671\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-502cf68d68\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", 
value:\"2017-502cf68d68\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZRSWXMSQJ5VY4S7FASNM2E4PHLL27XT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.9~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-15T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-3a9ec92dd6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2671", "CVE-2017-7187"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-3a9ec92dd6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# 
This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872569\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-15 06:40:48 +0200 (Sat, 15 Apr 2017)\");\n script_cve_id(\"CVE-2017-7187\", \"CVE-2017-2671\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-3a9ec92dd6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a9ec92dd6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KXPD5OE3FS4YXJJBHEO364F22UBCDPGO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.9~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3406-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7261", "CVE-2017-7616", "CVE-2017-7273", "CVE-2017-7495", "CVE-2017-7487", "CVE-2016-7914"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843297", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3406_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3406-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843297\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-29 08:05:48 +0200 (Tue, 29 Aug 2017)\");\n script_cve_id(\"CVE-2016-7914\", \"CVE-2017-7261\", \"CVE-2017-7273\", \"CVE-2017-7487\",\n \"CVE-2017-7495\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3406-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that an out of bounds read\n vulnerability existed in the associative array implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or expose sensitive information. (CVE-2016-7914) It was discovered that a\n NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver\n for VMWare devices in the Linux kernel. A local attacker could use this to cause\n a denial of service (system crash). (CVE-2017-7261) It was discovered that the\n USB Cypress HID drivers for the Linux kernel did not properly validate reported\n information from the device. 
An attacker with physical access could use this to\n expose sensitive information (kernel memory). (CVE-2017-7273) A reference count\n bug was discovered in the Linux kernel ipx protocol stack. A local attacker\n could exploit this flaw to cause a denial of service or possibly other\n unspecified problems. (CVE-2017-7487) Huang Weller discovered that the ext4\n filesystem implementation in the Linux kernel mishandled a\n needs-flushing-before-commit list. A local attacker could use this to expose\n sensitive information. (CVE-2017-7495) It was discovered that an information\n leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel.\n A local attacker could use this to expose sensitive information (kernel memory).\n (CVE-2017-7616)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3406-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3406-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-generic\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-generic-lpae\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-lowlatency\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-powerpc-e500\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-powerpc-e500mc\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-powerpc-smp\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-powerpc64-emb\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-129-powerpc64-smp\", ver:\"3.13.0-129.178\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.129.138\", 
rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.129.138\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-8e7549fb91", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7308"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872575", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-8e7549fb91\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872575\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-18 06:41:46 +0200 (Tue, 18 Apr 2017)\");\n script_cve_id(\"CVE-2017-7308\", \"CVE-2017-7618\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-8e7549fb91\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8e7549fb91\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFXHWDSMMZZ5UEWV267P453E5WGDK4VF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.10~100.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-26c9ecd7a4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7308"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872578", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872578", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-26c9ecd7a4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872578\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-18 06:43:05 +0200 (Tue, 18 Apr 2017)\");\n script_cve_id(\"CVE-2017-7308\", \"CVE-2017-7618\", \"CVE-2017-7616\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-26c9ecd7a4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-26c9ecd7a4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYQRSQGTECMJ65JCOZYPDSZW46U2CITV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.10.10~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-03T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:0386-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9084", "CVE-2016-8630", "CVE-2016-9083"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871768\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-03 05:49:38 +0100 (Fri, 03 Mar 2017)\");\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0386-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)\nsupport is vulnerable to a null pointer dereference flaw. It could occur on\nx86 platform, when emulating an undefined instruction. An attacker could\nuse this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630,\nImportant)\n\n * A race condition issue leading to a use-after-free flaw was found in the\nway the raw packet sockets implementation in the Linux kernel networking\nsubsystem handled synchronization while creating the TPACKET_V3 ring\nbuffer. 
A local user able to open a raw packet socket (requires the\nCAP_NET_RAW capability) could use this flaw to elevate their privileges on\nthe system. (CVE-2016-8655, Important)\n\n * A flaw was discovered in the Linux kernel's implementation of VFIO. An\nattacker issuing an ioctl can create a situation where memory is corrupted\nand modify memory outside of the expected area. This may overwrite kernel\nmemory and subvert kernel execution. (CVE-2016-9083, Important)\n\n * The use of a kzalloc with an integer multiplication allowed an integer\noverflow condition to be reached in vfio_pci_intrs.c. This combined with\nCVE-2016-9083 may allow an attacker to craft an attack and use unallocated\nmemory, potentially crashing the machine. (CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nAdditional Changes:\n\nSpace precludes documenting all of the bug fixes and enhancements included\nin this advisory. To see the complete list of bug fixes and enhancements,\nrefer to the linked KnowledgeBase article.\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2940041\");\n\n script_tag(name:\"affected\", value:\"kernel on\n Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0386-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.10.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", 
"type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-ee3a114958", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9084", "CVE-2016-8630", "CVE-2016-9083", "CVE-2016-8645"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310810159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810159", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-ee3a114958\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810159\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:03:10 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-8645\", \"CVE-2016-8630\", \"CVE-2016-9084\", \"CVE-2016-9083\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-ee3a114958\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ee3a114958\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERTN3R5LEVJDD6AMU5EPH27E3YQ3CJ35\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.8~100.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-12-08T14:56:15", "description": "It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. 
A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2016-9083, CVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3312-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9604", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1014-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1018-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1059-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3312-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3312-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100664);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-7913\",\n \"CVE-2016-7917\",\n \"CVE-2016-8632\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9604\",\n \"CVE-2017-2596\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7472\",\n \"CVE-2017-7618\",\n \"CVE-2017-7645\",\n \"CVE-2017-7889\",\n \"CVE-2017-7895\"\n );\n script_xref(name:\"USN\", value:\"3312-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3312-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the netfilter netlink implementation in the\nLinux kernel did not properly validate batch messages. A local\nattacker with the CAP_NET_ADMIN capability could use this to expose\nsensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possibly execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. 
(CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem\nof the Linux kernel. A local attacker could use this to cause a denial\nof service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the\ndevice driver for XCeive xc2028/xc3028 tuners in the Linux kernel. 
A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3312-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1014-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1018-aws\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1059-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! 
get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-79',\n 'generic-lpae': '4.4.0-79',\n 'lowlatency': '4.4.0-79',\n 'powerpc-e500mc': '4.4.0-79',\n 'powerpc-smp': '4.4.0-79',\n 'powerpc64-emb': '4.4.0-79',\n 'powerpc64-smp': '4.4.0-79',\n 'gke': '4.4.0-1014',\n 'aws': '4.4.0-1018',\n 'raspi2': '4.4.0-1057',\n 'snapdragon': '4.4.0-1059'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3312-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = 
make_list('CVE-2016-7913', 'CVE-2016-7917', 'CVE-2016-8632', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9604', 'CVE-2017-2596', 'CVE-2017-2671', 'CVE-2017-6001', 'CVE-2017-7472', 'CVE-2017-7618', 'CVE-2017-7645', 'CVE-2017-7889', 'CVE-2017-7895');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3312-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:50", "description": "USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. 
A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3312-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9604", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-3312-2.NASL", "href": "https://www.tenable.com/plugins/nessus/100665", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3312-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100665);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-7913\",\n \"CVE-2016-7917\",\n \"CVE-2016-8632\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9604\",\n \"CVE-2017-2596\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7472\",\n \"CVE-2017-7618\",\n \"CVE-2017-7645\",\n \"CVE-2017-7889\",\n \"CVE-2017-7895\"\n );\n script_xref(name:\"USN\", value:\"3312-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3312-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the netfilter netlink implementation in the\nLinux kernel did not properly validate batch messages. A local\nattacker with the CAP_NET_ADMIN capability could use this to expose\nsensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possibly execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. 
(CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem\nof the Linux kernel. A local attacker could use this to cause a denial\nof service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. 
A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the\ndevice driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3312-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '4.4.0': {\n 'generic': '4.4.0-79',\n 'generic-lpae': '4.4.0-79',\n 'lowlatency': '4.4.0-79',\n 'powerpc-e500mc': '4.4.0-79',\n 'powerpc-smp': '4.4.0-79',\n 'powerpc64-emb': '4.4.0-79',\n 'powerpc64-smp': '4.4.0-79'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3312-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2016-7913', 'CVE-2016-7917', 'CVE-2016-8632', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9604', 'CVE-2017-2596', 'CVE-2017-2671', 'CVE-2017-6001', 'CVE-2017-7472', 'CVE-2017-7618', 'CVE-2017-7645', 'CVE-2017-7889', 'CVE-2017-7895');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3312-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:50:32", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\n - CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileges. This can be mitigated by disabling unprivileged use of performance events: sysctl kernel.perf_event_paranoid=3\n\n - CVE-2016-8405 Peter Pi of Trend Micro discovered that the frame buffer video subsystem does not properly check bounds while copying color maps to userspace, causing a heap buffer out-of-bounds read, leading to information disclosure.\n\n - CVE-2016-9191 CAI Qian discovered that reference counting is not properly handled within proc_sys_readdir in the sysctl implementation, allowing a local denial of service (system hang) or possibly privilege escalation.\n\n - CVE-2017-2583 Xiaohan Zhang reported that KVM for amd64 does not correctly emulate loading of a null stack selector. This can be used by a user in a guest VM for denial of service (on an Intel CPU) or to escalate privileges within the VM (on an AMD CPU).\n\n - CVE-2017-2584 Dmitry Vyukov reported that KVM for x86 does not correctly emulate memory access by the SGDT and SIDT instructions, which can result in a use-after-free and information leak.\n\n - CVE-2017-2596 Dmitry Vyukov reported that KVM leaks page references when emulating a VMON for a nested hypervisor. 
This can be used by a privileged user in a guest VM for denial of service or possibly to gain privileges in the host.\n\n - CVE-2017-2618 It was discovered that an off-by-one in the handling of SELinux attributes in /proc/pid/attr could result in local denial of service.\n\n - CVE-2017-5549 It was discovered that the KLSI KL5KUSB105 serial USB device driver could log the contents of uninitialised kernel memory, resulting in an information leak.\n\n - CVE-2017-5551 Jan Kara found that changing the POSIX ACL of a file on tmpfs never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.\n\n - CVE-2017-5897 Andrey Konovalov discovered an out-of-bounds read flaw in the ip6gre_err function in the IPv6 networking code.\n\n - CVE-2017-5970 Andrey Konovalov discovered a denial-of-service flaw in the IPv4 networking code. This can be triggered by a local or remote attacker if a local UDP or raw socket has the IP_RETOPTS option enabled.\n\n - CVE-2017-6001 Di Shen discovered a race condition between concurrent calls to the performance events subsystem, allowing a local attacker to escalate privileges. This flaw exists because of an incomplete fix of CVE-2016-6786. This can be mitigated by disabling unprivileged use of performance events: sysctl kernel.perf_event_paranoid=3\n\n - CVE-2017-6074 Andrey Konovalov discovered a use-after-free vulnerability in the DCCP networking code, which could result in denial of service or local privilege escalation. 
On systems that do not already have the dccp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-dccp.conf install dccp false", "cvss3": {}, "published": "2017-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-3791-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6786", "CVE-2016-6787", "CVE-2016-8405", "CVE-2016-9191", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2618", "CVE-2017-5549", "CVE-2017-5551", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3791.NASL", "href": "https://www.tenable.com/plugins/nessus/97357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3791. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97357);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-8405\", \"CVE-2016-9191\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2618\", \"CVE-2017-5549\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6074\");\n script_xref(name:\"DSA\", value:\"3791\");\n\n script_name(english:\"Debian DSA-3791-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered 
in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\n - CVE-2016-6786 / CVE-2016-6787\n It was discovered that the performance events subsystem\n does not properly manage locks during certain\n migrations, allowing a local attacker to escalate\n privileges. This can be mitigated by disabling\n unprivileged use of performance events:sysctl\n kernel.perf_event_paranoid=3\n\n - CVE-2016-8405\n Peter Pi of Trend Micro discovered that the frame buffer\n video subsystem does not properly check bounds while\n copying color maps to userspace, causing a heap buffer\n out-of-bounds read, leading to information disclosure.\n\n - CVE-2016-9191\n CAI Qian discovered that reference counting is not\n properly handled within proc_sys_readdir in the sysctl\n implementation, allowing a local denial of service\n (system hang) or possibly privilege escalation.\n\n - CVE-2017-2583\n Xiaohan Zhang reported that KVM for amd64 does not\n correctly emulate loading of a null stack selector. This\n can be used by a user in a guest VM for denial of\n service (on an Intel CPU) or to escalate privileges\n within the VM (on an AMD CPU).\n\n - CVE-2017-2584\n Dmitry Vyukov reported that KVM for x86 does not\n correctly emulate memory access by the SGDT and SIDT\n instructions, which can result in a use-after-free and\n information leak.\n\n - CVE-2017-2596\n Dmitry Vyukov reported that KVM leaks page references\n when emulating a VMON for a nested hypervisor. 
This can\n be used by a privileged user in a guest VM for denial of\n service or possibly to gain privileges in the host.\n\n - CVE-2017-2618\n It was discovered that an off-by-one in the handling of\n SELinux attributes in /proc/pid/attr could result in\n local denial of service.\n\n - CVE-2017-5549\n It was discovered that the KLSI KL5KUSB105 serial USB\n device driver could log the contents of uninitialised\n kernel memory, resulting in an information leak.\n\n - CVE-2017-5551\n Jan Kara found that changing the POSIX ACL of a file on\n tmpfs never cleared its set-group-ID flag, which should\n be done if the user changing it is not a member of the\n group-owner. In some cases, this would allow the\n user-owner of an executable to gain the privileges of\n the group-owner.\n\n - CVE-2017-5897\n Andrey Konovalov discovered an out-of-bounds read flaw\n in the ip6gre_err function in the IPv6 networking code.\n\n - CVE-2017-5970\n Andrey Konovalov discovered a denial-of-service flaw in\n the IPv4 networking code. This can be triggered by a\n local or remote attacker if a local UDP or raw socket\n has the IP_RETOPTS option enabled.\n\n - CVE-2017-6001\n Di Shen discovered a race condition between concurrent\n calls to the performance events subsystem, allowing a\n local attacker to escalate privileges. This flaw exists\n because of an incomplete fix of CVE-2016-6786. This can\n be mitigated by disabling unprivileged use of\n performance events: sysctl kernel.perf_event_paranoid=3\n\n - CVE-2017-6074\n Andrey Konovalov discovered a use-after-free\n vulnerability in the DCCP networking code, which could\n result in denial of service or local privilege\n escalation. 
On systems that do not already have the dccp\n module loaded, this can be mitigated by disabling\n it:echo >> /etc/modprobe.d/disable-dccp.conf install\n dccp false\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-8405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-9191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2017-6074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3791\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.39-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", 
reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:50", "description": "It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7374"], "modified": "2023-10-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1012-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1016-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1054-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae"], "id": "UBUNTU_USN-3265-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99657", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3265-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99657);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-6346\",\n \"CVE-2017-6347\",\n \"CVE-2017-6348\",\n \"CVE-2017-7374\"\n );\n script_xref(name:\"USN\", value:\"3265-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6\nGeneric Routing Encapsulation (GRE) tunneling implementation in the\nLinux kernel. An attacker could use this to possibly expose sensitive\ninformation. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel\ndid not properly restrict mapping page zero. A local privileged\nattacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). 
(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel\ndid not properly set up a destructor in certain situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing\nchecksums. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA)\nsubsystem in the Linux kernel. A local attacker could use this to\ncause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3265-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1012-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1016-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1054-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-75',\n 'generic-lpae': '4.4.0-75',\n 'lowlatency': '4.4.0-75',\n 'powerpc-e500mc': '4.4.0-75',\n 'powerpc-smp': '4.4.0-75',\n 'powerpc64-emb': '4.4.0-75',\n 'powerpc64-smp': '4.4.0-75',\n 'gke': '4.4.0-1012',\n 'aws': '4.4.0-1016',\n 'raspi2': '4.4.0-1054',\n 'snapdragon': '4.4.0-1057'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3265-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-5986', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7374');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3265-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n 
}\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:58", "description": "USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did not properly set up a destructor in certain situations. 
A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3265-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7374"], "modified": "2023-10-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": 
"UBUNTU_USN-3265-2.NASL", "href": "https://www.tenable.com/plugins/nessus/99658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3265-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99658);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-6346\",\n \"CVE-2017-6347\",\n \"CVE-2017-6348\",\n \"CVE-2017-7374\"\n );\n script_xref(name:\"USN\", value:\"3265-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3265-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6\nGeneric Routing Encapsulation (GRE) tunneling implementation in the\nLinux kernel. An attacker could use this to possibly expose sensitive\ninformation. 
(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel\ndid not properly restrict mapping page zero. A local privileged\nattacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel\ndid not properly set up a destructor in certain situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing\nchecksums. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA)\nsubsystem in the Linux kernel. A local attacker could use this to\ncause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3265-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '4.4.0': {\n 'generic': '4.4.0-75',\n 'generic-lpae': '4.4.0-75',\n 'lowlatency': '4.4.0-75',\n 'powerpc-e500mc': '4.4.0-75',\n 'powerpc-smp': '4.4.0-75',\n 'powerpc64-emb': '4.4.0-75',\n 'powerpc64-smp': '4.4.0-75'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3265-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-5986', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7374');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3265-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n 
exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:38", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor 
exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785).\n\n - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulates a 'MOV SS, NULL selector' instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).\n\nThe following non-security bugs were fixed :\n\n - Fix kABI breakage of musb struct in 4.1.39 (stable 4.1.39).\n\n - Revert 'ptrace: Capture the ptracer's creds not PT_PTRACE_CAP' (stable 
4.1.39).\n\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n\n - ext4: validate s_first_meta_bg at mount time (bsc#1023377).\n\n - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39\n\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).\n\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).\n\n - l2tp: hold socket before dropping lock in l2tp_ip(, 6)_recv() (bsc#1028415).\n\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bsc#1030118).", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10200", "CVE-2016-10208", "CVE-2016-2117", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-7184"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource"], "id": "OPENSUSE-2017-419.NASL", "href": "https://www.tenable.com/plugins/nessus/99157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-419.\n#\n# The text description of this 
plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99157);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6347\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7184\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-419)\");\n script_summary(english:\"Check for the openSUSE-2017-419 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n manages lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not\n validate certain size data after an XFRM_MSG_NEWAE\n update, which allowed local users to obtain root\n privileges or cause a denial of service (heap-based\n out-of-bounds access) by 
leveraging the CAP_NET_ADMIN\n capability, as demonstrated during a Pwn2Own competition\n at CanSecWest 2017 for the Ubuntu 16.10 linux-image-*\n package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (double free) by setting\n the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel has incorrect\n expectations about skb data layout, which allowed local\n users to cause a denial of service (buffer over-read) or\n possibly have unspecified other impact via crafted\n system calls, as demonstrated by use of the MSG_MORE\n flag in conjunction with loopback UDP transmission\n (bnc#1027179).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and 
double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enables scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-10208: The ext4_fill_super function in\n fs/ext4/super.c in the Linux kernel did not properly\n validate meta block groups, which allowed physically\n proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4\n image (bnc#1023377).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in\n arch/x86/kvm/vmx.c in the Linux kernel improperly\n emulates the VMXON instruction, which allowed KVM L1\n guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of\n page references (bnc#1022785).\n\n - CVE-2017-2583: The load_segment_descriptor\n implementation in arch/x86/kvm/emulate.c in the Linux\n kernel improperly emulates a 'MOV SS, NULL selector'\n instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS\n privileges via a crafted application (bnc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bnc#1019851).\n\nThe following non-security bugs were fixed :\n\n - Fix kABI breakage of musb struct in 
4.1.39 (stable\n 4.1.39).\n\n - Revert 'ptrace: Capture the ptracer's creds not\n PT_PTRACE_CAP' (stable 4.1.39).\n\n - ext4: fix fencepost in s_first_meta_bg validation\n (bsc#1029986).\n\n - ext4: validate s_first_meta_bg at mount time\n (bsc#1023377).\n\n - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39\n\n - l2tp: fix address test in __l2tp_ip6_bind_lookup()\n (bsc#1028415).\n\n - l2tp: fix lookup for sockets not bound to a device in\n l2tp_ip (bsc#1028415).\n\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6\n bind() (bsc#1028415).\n\n - l2tp: hold socket before dropping lock in l2tp_ip(,\n 6)_recv() (bsc#1028415).\n\n - l2tp: lock socket before checking flags in connect()\n (bsc#1028415).\n\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp\n (bsc#1030118).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.39-53.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.39-53.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.39-53.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.39-53.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", 
reference:\"kernel-xen-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"kernel-pae-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"kernel-xen-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.39-53.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:03:42", "description": "It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. 
A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-7346)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9900", "CVE-2016-9755", "CVE-2017-1000380", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-7346", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150", "CVE-2017-9605"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3359-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3359-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101894);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9900\", \"CVE-2016-9755\", \"CVE-2017-1000380\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-7346\", \"CVE-2017-7895\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9150\", \"CVE-2017-9605\");\n script_xref(name:\"USN\", value:\"3359-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Linux kernel did not properly initialize a\nWake- on-Lan data structure. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2014-9900)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet\ndiscovered that the netfiler subsystem in the Linux kernel mishandled\nIPv6 packet reassembly. A local user could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux\nSound Architecture (ALSA) subsystem in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-1000380)\n\nIt was discovered that the Linux kernel did not clear the setgid bit\nduring a setxattr call on a tmpfs filesystem. A local attacker could\nuse this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the\nVideoCore DRM driver of the Linux kernel. 
A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-5576)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the\nLinux kernel did not properly validate some ioctl arguments. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-7346)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport\nUSB Serial Converter device driver of the Linux kernel. An attacker\nwith physical access could use this to expose sensitive information\n(kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the\nLinux kernel did not properly perform reference counting. A local\nattacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual\nGPUs in the Linux kernel did not properly initialize memory. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-9605).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3359-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9900\", \"CVE-2016-9755\", \"CVE-2017-1000380\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-7346\", \"CVE-2017-7895\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9150\", \"CVE-2017-9605\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3359-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1043-raspi2\", pkgver:\"4.8.0-1043.47\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-59-generic\", pkgver:\"4.8.0-59.64\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-59-generic-lpae\", pkgver:\"4.8.0-59.64\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-59-lowlatency\", pkgver:\"4.8.0-59.64\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.59.72\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.59.72\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.59.72\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1043.47\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / 
linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:37", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.(CVE-2017-6001)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-6001", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-debug-devel"], "id": "EULEROS_SA-2017-1056.NASL", "href": "https://www.tenable.com/plugins/nessus/99901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99901);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-6001\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) 
resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel before 4.9.11 allows remote attackers to\n cause a denial of service (infinite loop and soft\n lockup) via vectors involving a TCP packet with the URG\n flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel\n through 4.9.12 does not restrict the address calculated\n by a certain rounding operation, which allows local\n users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system\n call, by making crafted shmget and shmat system calls\n in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel before 4.9.13 improperly manages lock\n dropping, which allows local users to cause a denial of\n service (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - Race condition in kernel/events/core.c in the Linux\n kernel before 4.9.7 allows local users to gain\n privileges via a crafted application that makes\n concurrent perf_event_open system calls for moving a\n software group into a hardware context.(CVE-2017-6001)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1056\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56132594\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.44.58.28\",\n \"kernel-debug-3.10.0-327.44.58.28\",\n \"kernel-debug-devel-3.10.0-327.44.58.28\",\n \"kernel-devel-3.10.0-327.44.58.28\",\n 
\"kernel-headers-3.10.0-327.44.58.28\",\n \"kernel-tools-3.10.0-327.44.58.28\",\n \"kernel-tools-libs-3.10.0-327.44.58.28\",\n \"perf-3.10.0-327.44.58.28\",\n \"python-perf-3.10.0-327.44.58.28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:00:55", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, 
which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in 
the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls 
(bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device 
(bnc#1031440).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-5243", "CVE-2016-7117", "CVE-2016-9588", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7616"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", 
"p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1247-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1247-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100150);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2016-3070\", \"CVE-2016-5243\", \"CVE-2016-7117\", \"CVE-2016-9588\", \"CVE-2017-2671\", \"CVE-2017-5669\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive\nvarious security and bugfixes. 
The following security bugs were \nfixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel\n provided an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enabled scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-3070: The trace_writeback_dirty_page\n implementation in include/trace/events/writeback.h in\n the Linux kernel improperly interacted with\n mm/migrate.c, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact by\n triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not\n properly copy a certain string, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#983212).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel\n mismanages the #BP and #OF exceptions, which allowed\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest (bnc#1015703).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in\n the 
Linux kernel did not properly restrict execute\n access, which made it easier for local users to bypass\n intended SELinux W^X policy restrictions, and\n consequently gain privileges, via an io_setup system\n call (bnc#1023992).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2016-10208: The ext4_fill_super function in\n fs/ext4/super.c in the Linux kernel did not properly\n validate meta block groups, which allowed physically\n proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4\n image (bnc#1023377).\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel is too late in\n obtaining a certain lock and consequently cannot ensure\n that disconnect function calls are safe, which allowed\n local users to cause a denial of service (panic) by\n leveraging access to the protocol value of IPPROTO_ICMP\n in a socket system call (bnc#1031003).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914).\n\n - CVE-2017-5897: The ip6gre_err function in\n net/ipv6/ip6_gre.c in the Linux kernel allowed remote\n attackers to have unspecified impact via vectors\n involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bnc#1023762).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux 
kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bnc#1024938).\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n managed lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-6353: net/sctp/socket.c 
in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n 
data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=954763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10044/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-5970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171247-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f96323f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-749=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t 
patch\nSUSE-SLE-SERVER-12-2017-749=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-749=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_72-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_72-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:03", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes. Notable new/improved features :\n\n - Improved support for Hyper-V\n\n - Support for the tcp_westwood TCP scheduling algorithm The following security bugs were fixed :\n\n - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877).\n\n - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type. (bsc#1029850).\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (bsc#1030593)\n\n - CVE-2016-9604: This fixes handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings (bsc#1035576)\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. 
(bnc#1033336).\n\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, w